RMX Release Notes v8.1.4.J

[Type the document title]



 Version 8.1.4.J | January 2014 | DOC2713A

Polycom® RealPresence® Collaboration Server  (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments

Polycom Document Title

1

Trademark Information POLYCOM® and the names and marks associated with Polycom's products are trademarks and/or service marks of Polycom, Inc., and are registered and/or common law marks in the United States and various other countries. All other trademarks are the property of their respective owners. Patent Information The accompanying product may be protected by one or more U.S. and foreign patents and/or pending patent applications held by Polycom, Inc.

This software has achieved UC APL certification.

This document provides the latest information for security-conscious users running Version 8.1.4.J software. The information in this document is not intended to imply that DoD or DISA certifies Polycom RMX systems.

© 2014 Polycom, Inc. All rights reserved. Polycom, Inc. 6001 America Center Drive San Jose CA 95002 USA

No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Polycom, Inc. Under the law, reproducing includes translating into another language or format. As between the parties, Polycom, Inc., retains title to and ownership of all proprietary rights with respect to the software contained within its products. The software is protected by United States copyright laws and international treaty provision. Therefore, you must treat the software like any other copyrighted material (e.g., a book or sound recording). Every effort has been made to ensure that the information in this manual is accurate. Polycom, Inc., is not responsible for printing or clerical errors. Information in this document is subject to change without notice.

Regulatory Notices

Warning

•

No user-serviceable parts inside. Do not open.

•

The plug-socket combination must be accessible at all times, because it serves as the main disconnecting device

•

This equipment must be earthed. Do not power this equipment if the integrity of themains earthing conductor cannot be verified

•

Only trained and qualified personnel should be allowed to install, replace, service or repair this equipment

•

To prevent system overheating do not operate in an ambient temperature exceeding 40° C / 104° F

•

Installation of this equipment must comply with local and national electrical codes.

Environmental This product is compliant with the requirements of the recast RoHS Directive 2011/65/EU. Information can be obtained from Polycom Ltd, 270 Bath Road, Slough, Berkshire, SL1 4DX, UK or via: [email protected] Information on recycling can be found at: www.polycom.com/WEEE Disposal of this equipment should be carried out in accordance with local environmental guidelines and regulations for waste. For further information please contact: [email protected] Batteries Below is a listing of batteries that could be present in the product: Description:Internal CMOS battery Type:CR2032 Lithium Coin Cell Weight:3.3g Batteries used in this product are in compliance with EU Battery Directive 2006/66/EC. Batteries in this product are not based on mercury, lead or cadmium technologies. Batteries in this product are not intended to be replaced or removed by the user Additional information on the safe use and recycling of batteries can be found at: www.polycom.com/batteries

United States Federal Communication Commission (FCC) This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense. This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: 1. This device may not cause harmful interference. 2. This device must accept any interference received, including interference that may cause undesired operation. Modifications: Any modifications made to this device that are not approved by Polycom, Inc. may void the authority granted to the user by the FCC to operate this equipment.

Industry Canada (IC) This Class [A] digital apparatus complies with Canadian ICES-003 Cet appareil numerique de la classe [A] est conforme a la norme NMB-003 du Canada

European Economic Area (EEA) Česky [Czech]:

Polycom (UK) Ltd tímto prohlašuje, že tento Polycom RMX je ve shodě se základními požadavky a dalšími příslušnými ustanoveními směrnice 1999/5/ES.

Dansk [Danish]:

Undertegnede Polycom (UK) Ltd erklærer herved, at følgende udstyr Polycom RMX overholder de væsentlige krav og øvrige relevante krav i direktiv 1999/5/EF.

Deutsch [German]:

Hiermit erklärt Polycom (UK) Ltd, dass sich das Gerät Polycom RMX in Übereinstimmung mit den grundlegenden Anforderungen und den übrigen einschlägigen Bestimmungen der Richtlinie 1999/5/ EG befindet.

Eesti [Estonian]:

Käesolevaga kinnitab Polycom (UK) Ltd seadme Polycom RMX vastavust direktiivi 1999/5/EÜ põhinõuetele ja nimetatud direktiivist tulenevatele teistele asjakohastele sätetele.

English:

Hereby, Polycom (UK) Ltd. Declares that this Polycom RMX is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC.

Español [Spanish]:

Por medio de la presente Polycom (UK) Ltd declara que el Polycom RMX cumple con los requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la Directiva 1999/5/CE.

Ελληνική [Greek]:

ΜΕ ΤΗΝ ΠΑΡΟΥΣΑ Polycom (UK) Ltd ∆ΗΛΩΝΕΙ ΟΤΙ Polycom RMX ΣΥΜΜΟΡΦΩΝΕΤΑΙ ΠΡΟΣ ΤΙΣ ΟΥΣΙΩ∆ΕΙΣ ΑΠΑΙΤΗΣΕΙΣ ΚΑΙ ΤΙΣ ΛΟΙΠΕΣ ΣΧΕΤΙΚΕΣ ∆ΙΑΤΑΞΕΙΣ ΤΗΣ Ο∆ΗΓΙΑΣ 1999/5/ΕΚ.

Français [French]:

Par la présente Polycom (UK) Ltd déclare que l’appareil Polycom RMX est conforme aux exigences essentielles et aux autres dispositions pertinentes de la directive 1999/5/CE.

Italiano [Italian]:

Con la presente Polycom (UK) Ltd dichiara che questo Polycom RMX è conforme ai requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva 1999/5/CE.

Íslenska (Icelandic):

Hér með lýsir Polycom (UK) Ltd yfir því að Polycom RMX er í samræmi við grunnkröfur og aðrar kröfur, sem gerðar eru í tilskipun 1999/5/EC

Latviski [Latvian]:

Ar šo Polycom (UK) Ltd deklarē, ka Polycom RMX atbilst Direktīvas 1999/5/EK būtiskajām prasībām un citiem ar to saistītajiem noteikumiem.

Lietuvių [Lithuanian]:

Šiuo Polycom (UK) Ltd deklaruoja, kad šis Polycom RMX atitinka esminius reikalavimus ir kitas 1999/ 5/EB Direktyvos nuostatas.

Nederlands [Dutch]:

Hierbij verklaart Polycom (UK) Ltd dat het toestel Polycom RMX in overeenstemming is met de essentiële eisen en de andere relevante bepalingen van richtlijn 1999/5/EG.

Malti [Maltese]:

Hawnhekk, Polycom (UK) Ltd, jiddikjara li dan Polycom RMX jikkonforma mal-ħtiġijiet essenzjali u ma provvedimenti oħrajn relevanti li hemm fid-Dirrettiva 1999/5/EC.

Magyar [Hungarian]:

Alulírott, Polycom (UK) Ltd nyilatkozom, hogy a Polycom RMX megfelel a vonatkozó alapvetõ követelményeknek és az 1999/5/EC irányelv egyéb elõírásainak.

Norsk [Norwegian]:

Polycom (UK) Ltd erklærer herved at utstyret Polycom RMX er i samsvar med de grunnleggende krav og øvrige relevante krav i direktiv 1999/5/EF.

Polski [Polish]:

Niniejszym Polycom (UK) Ltd oświadcza, że Polycom RMX jest zgodne z zasadniczymi wymaganiami oraz innymi stosownymi postanowieniami Dyrektywy 1999/5/WE.

Português [Portuguese]:

Polycom (UK) Ltd declara que este Polycom RMX está conforme com os requisitos essenciais e outras disposições da Directiva 1999/5/CE.

Slovensko [Slovenian]:

Polycom (UK) Ltd týmto vyhlasuje, že Polycom RMX spĺňa základné požiadavky a všetky príslušné ustanovenia Smernice 1999/5/ES.

Slovensky [Slovak]:

Polycom (UK) Ltd týmto vyhlasuje, že Polycom RMX spĺňa základné požiadavky a všetky príslušné ustanovenia Smernice 1999/5/ES.

Suomi [Finnish]:

Polycom (UK) Ltd vakuuttaa täten että Polycom RMX tyyppinen laite on direktiivin 1999/5/EY oleellisten vaatimusten ja sitä koskevien direktiivin muiden ehtojen mukainen.

Svenska [Swedish]:

Härmed intygar Polycom (UK) Ltd att denna Polycom RMX står I överensstämmelse med de väsentliga egenskapskrav och övriga relevanta bestämmelser som framgår av direktiv 1999/5/EG.

A full copy of the Declaration of Conformity can be obtained from Polycom Ltd, 270 Bath Road, Slough, Berkshire, SL1 4DX, UK.

China CCC EMC statement

警告 此为 A 级产品，在生活环境中，该产品可能会造成无线电干扰。在这种情况下，可能需要用户对干 扰采取切实可 行的措施。

Taiwan BSMI EMC statement

Japan VCCI EMC statement

This is a Class A product based on the standard of the Voluntary Control Council for Interference by Information Technology Equipment (VCCI). If this equipment is used in a domestic environment, radio disturbance may arise. When such trouble occurs, the user may be required to take corrective actions.

Worldwide EMC statement This is a class A product. In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures.

Optional ISDN interface card If the above is fitted to the system then the following statements also apply; United States Federal Communication Commission (FCC) This equipment complies with Part 68 of the FCC rules and the requirements adopted by the ACTA. On the ISDN card itself is a label that contains, among other information, a product identifier in the format US:AAAEQ##TXXXX. If requested, this number must be provided to the telephone company. The following USOC, FIC and SOC codes are applicable to this equipment; USOC Jacks: RJ48S Service Order Code: 6.0N Facility Interface Code: 04DU9.DN, 04DU9.BN, 04DU9.1KN, 04DU9.1SN If this equipment causes harm to the telephone network, the telephone company will notify you in advance that temporary discontinuance of service may be required. But if advance notice isn't practical, the telephone company will notify the customer as soon as possible. Also, you will be advised of your right to file a complaint with the FCC if you believe it is necessary. The telephone company may make changes in its facilities, equipment, operations or procedures that could affect the operation of the equipment. If this happens the telephone company will provide advance notice in order for you to make necessary modifications to maintain uninterrupted service. If trouble is experienced with this equipment, for repair or warranty information, please contact Polycom Inc in the U.S.A. 1-888248-8294. If the equipment is causing harm to the telephone network, the telephone company may request that you disconnect the equipment until the problem is resolved. Connection to party line service is subject to state tariffs. Contact the state public utility commission, public service commission or corporation commission for information.

Table of Contents

Table of Contents Version 8.1.4.J - New Security Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Version 8.1.4.J - Changes to Existing Security Features . . . . . . . . . . . . . . . . . . . . . 2 Version 8.1.4.J - New Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Version 8.1.4.J - Changes to Existing Features . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Version 8.1.4.J - Interoperability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Devices ...................................................................................................................................... 11 Polycom RMX and Avaya Interoperability ................................................................ 15 RMX Web Client ...................................................................................................................... 15 Windows 7™ Security Settings ..................................................................................... 15 Internet Explorer 8 Configuration ................................................................................. 17 Polycom Solution Support ..................................................................................................... 20

Version 8.1.4.J - Upgrade Package Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Where to Get the Latest Product Information ..................................................... 21

Upgrade Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Guidelines ................................................................................................................................. 22 Upgrade Paths to Version 8.1.4.J ........................................................................................... 24 Upgrading from Version 7.5.1.J / 7.5.2.J to Version 8.1.4.J. .............................................. 25 Upgrading from Version 7.5.0.J to Version 7.5.1.J. ............................................................. 28 Upgrading from Version 7.0.2 to Version 7.5.0.J ................................................................ 29 Upgrading from Version 5.0.2 to Version 7.5.0.J ................................................................ 32 Intermediate Upgrade from Version 5.0.2 to Version 7.0.2 ....................................... 32 Upgrade from Version 7.0.2 to Version 7.5.0.J ............................................................ 34 Upgrading from Versions 5.1.0.G to Version 7.5.0.J ........................................................... 34 Intermediate Upgrade from Version 5.1.0.G to Version 5.0.2 ................................... 34 Intermediate Upgrade from Version 5.0.2 to Version 7.0.2 ....................................... 35 Upgrade from Version 7.0.2 to Version 7.5.0.J ............................................................ 36 Additional/Optional System Updates After Upgrading .................................................. 36 IVR Services Update ....................................................................................................... 36 Media Encryption ............................................................................................................ 37 DMA Compatibility ........................................................................................................ 37 SHA-256 (Secure Hash Algorithm) Password Encryption ........................................ 37 DNS per IP Network Service ......................................................................................... 38 LAN Redundancy ............................................................................................................ 38 Troubleshooting ............................................................................................................... 38 Upgrading the RMX Manager Application. ........................................................................ 39

Version 8.1.4.J Detailed Description - New Security Features . . . . . . . . . . . . . . . . 40 MLPP (Multi Level Precedence and Preemption) .............................................................. 40 Enabling Precedence ....................................................................................................... 41 SIP Message ...................................................................................................................... 41 Dial-in calls ............................................................................................................... 41 Dial-out calls ............................................................................................................. 44 Precedence Level Change ....................................................................................... 44

Polycom, Inc

i

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Configuring and Modifying Precedence Domains and DSCP Values ..................... 45 System Flags ..................................................................................................................... 46 Changes to Existing Flags ....................................................................................... 46 New Flags .................................................................................................................. 46 Monitoring Precedence Level ........................................................................................ 47 IEEE 802.1X Authentication ................................................................................................... 47 Certificate Repository .............................................................................................. 47 Enabling and Configuring 802.1X Authentication .............................................. 48 System Flags ............................................................................................................. 49 Disabling 802.1X Authentication ........................................................................... 49 Ethernet Monitoring ................................................................................................ 50 White List Access ..................................................................................................................... 50 Guidelines ................................................................................................................. 50 Enabling, Disabling and Modifying the White List ............................................ 51 Alternative Network Address Types (ANAT) .................................................................... 53 Guidelines ................................................................................................................. 53 System Flag ............................................................................................................... 53 BFCP Over UDP – AS-SIP Content ....................................................................................... 54 Guidelines ......................................................................................................................... 54 Enabling AS-SIP Content ................................................................................................ 55 System Flag ............................................................................................................... 55 DNS per IP Network Service .................................................................................................. 56 Guidelines ................................................................................................................. 56 Internet Control Message Protocol (ICMP) .......................................................................... 57 Guidelines ................................................................................................................. 57 System Flag: ENABLE_ACCEPTING_ICMP_REDIRECT ................................. 57 System Flag: ENABLE_SENDING_ICMP_DESTINATION _UNREACHABLE ................................................................................................... 58

Version 8.1.4.J - Changes to Existing Security Features . . . . . . . . . . . . . . . . . . . . 59 Password Encryption - Migration from SHA-1 to SHA-256 ............................................. 59 Upgrade / Downgrade Guidelines ....................................................................... 60 Non-hashed Passwords .......................................................................................... 61 PKI Online Certificate Status Protocol OCSP ...................................................................... 62 Changes to the RMX Web Client and RMX Manager ................................................ 63 Adding Certificates to the Certificate Repository ....................................................... 64 Personal Certificates ................................................................................................ 64 Certificate Validation Option ................................................................................. 65 Certificate Revocation ............................................................................................. 67 Revocation Method .................................................................................................. 67 PKI Self-signed Certificate ...................................................................................................... 68 Self-signed Certificate Creation ............................................................................. 68 Media Encryption and Authentication ................................................................................. 69 System Flag ............................................................................................................... 69 SIP TCP Keep-Alive ................................................................................................................. 70 Keep Alive Frequency ............................................................................................. 72 SNMP ......................................................................................................................................... 72 Guidelines ................................................................................................................. 72

ii

Polycom, Inc

Table of Contents

MIBs (Management Information Base) ........................................................................ 73 MIB Files ................................................................................................................... 73 Private MIBs ............................................................................................................. 73 Support for MIB-II Sections ................................................................................... 73 The Alarm-MIB ........................................................................................................ 73 H.341-MIB (H.341 – H.323) .................................................................................... 74 Standard MIBs .......................................................................................................... 74 Unified MIB .............................................................................................................. 75 Traps .................................................................................................................................. 76 Guidelines ................................................................................................................. 76 Status Trap ................................................................................................................ 78 Defining the SNMP Parameters in the RMX ............................................................... 78

Version 8.1.4.J Detailed Description - New Features . . . . . . . . . . . . . . . . . . . . . . 86 New Video Resolution 1080p60 ............................................................................................ 86 Guidelines ......................................................................................................................... 86 CP Resolution Decision Matrix ..................................................................................... 86 H.264 Base Profile and High Profile Comparison .............................................. 87 Default Minimum Threshold Line Rates and Resource Usage Summary ...... 89 Enabling HD1080p60 ...................................................................................................... 89 Endpoint Connection .............................................................................................. 91 System Flags ............................................................................................................. 92 Layout Overlays ...................................................................................................................... 93 Guidelines ................................................................................................................. 93 Non-encrypted Conference Message ................................................................................... 96 Guidelines ......................................................................................................................... 96 Multiple Cascading Links ...................................................................................................... 98 Guidelines ................................................................................................................. 98 Enabling and Using Multiple Cascade Links ............................................................ 100 Creating a Link Participant .......................................................................................... 102 Link Participant in the Dial Out RMX ................................................................ 102 Participant Link in the Dial In RMX ................................................................... 103 Monitoring Multiple Cascade Links ........................................................................... 104 Disconnection Causes ........................................................................................... 104 Speaker Change Threshold .................................................................................................. 105 Exclusive Content Mode ...................................................................................................... 106 Guidelines .............................................................................................................. 106 FECC Control ......................................................................................................................... 108 Mute Participants Except Lecturer ...................................................................................... 110 Guidelines ............................................................................................................... 110 Enabling the Mute Participants Except Lecturer Option ................................. 111 Network Quality Indication ................................................................................................. 112 Guidelines ....................................................................................................................... 113 Network Quality ............................................................................................................ 113 Indication Threshold Values ................................................................................ 113 Customizing Network Quality Indicator Display .................................................... 114 Content at HD1080p Resolution .......................................................................................... 115 Guidelines ....................................................................................................................... 115

Polycom, Inc

iii

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Modifying the Threshold Line Rate for HD Resolution Content ........................... 116 Disabling HD Resolution Content ............................................................................... 117 System Flags ........................................................................................................................... 117 IBM SUT RTCP Flow Control ...................................................................................... 117 RTCP-FB .................................................................................................................. 117 System Flag ............................................................................................................. 118 SIP RTCP_FIR_ENABLE ............................................................................................... 118 Exporting and Importing Conference Templates ............................................................. 118 Exporting Conference Templates ................................................................................ 118 Exporting All Conference Templates from an MCU ........................................ 119 Exporting Selected Conference Templates ......................................................... 121 Importing Conference Templates ................................................................................ 122 Exporting and Importing Conference Files ....................................................................... 124 Guidelines ....................................................................................................................... 124 Exporting Conference Profiles ..................................................................................... 124 Exporting All Conference Profiles from an MCU ............................................. 124 Exporting Selected Conference Profiles .............................................................. 125 Importing Conference Profiles ..................................................................................... 126 Managing Noisy Content ..................................................................................................... 127 Content Display Flags ........................................................................................... 128 Direct IP Dialing ..................................................................................................................... 128 Dial-out Calls .................................................................................................................. 128 Dial-in Calls .................................................................................................................... 129 Enabling or Disabling Direct IP Dialing ..................................................................... 130 Microsoft Certification - Microsoft Lync Integration ....................................................... 130 FEC Support ................................................................................................................... 130 ICE Over TCP ................................................................................................................. 130 Media Over TCP ............................................................................................................ 131 Meeting Room Presence Modes ................................................................................... 131 Connecting an RMX Meeting Room to a Microsoft AV-MCU Conference ........... 131 Network Error Recovery ............................................................................................... 132 SIP Dialog Recovery ...................................................................................................... 132 Polycom Open Collaboration Network (POCN) .............................................................. 133 Collaboration with Microsoft and Cisco .................................................................... 133 Solution Architecture .................................................................................................... 134 Call Flow ................................................................................................................. 136 Administration ............................................................................................................... 136 DMA ........................................................................................................................ 136 Microsoft Lync Server ........................................................................................... 137 CUCM ...................................................................................................................... 137 Solution Interoperability Table ............................................................................ 137 TIP Layout Support & Resource Usage ...................................................................... 139 Supported TIP Resolutions and Resource Allocation .............................................. 139 Supported Resolutions .......................................................................................... 139 Resource Allocation ............................................................................................... 139 Configuring the Microsoft, Cisco and Polycom Components ................................ 140 Encryption ............................................................................................................... 146

iv

Polycom, Inc

Table of Contents

Guidelines ............................................................................................................... 146 Resolution Configuration ............................................................................................. 150 Endpoints ................................................................................................................ 150 Content .................................................................................................................... 151 Operations During Ongoing Conferences ................................................................. 151 Monitoring .............................................................................................................. 151 Known Limitations ........................................................................................................ 154 .......................................................................................................................................... 155 NAT (Network Address Translation) Traversal ............................................................... 156 Deployment Architectures ................................................................................................... 156 Remote Connection Using the Internet ...................................................................... 156 Business to Business Connections ............................................................................... 157 FW (Firewall) NAT Keep Alive ................................................................................... 157 System Configuration in SBC environments ..................................................... 158 BFCP Over UDP .................................................................................................................... 159 Guidelines ....................................................................................................................... 159 Dial-out Connections ............................................................................................ 159 Dial-in Connections ............................................................................................... 160 Monitoring BFCP ........................................................................................................... 161 ICE with Multiple Network Services .................................................................................. 161 Guidelines ....................................................................................................................... 162

Version 8.1.4.J Detailed Description - Changes to Existing Features . . . . . . . . . . 163 Multi-Level Address Book ................................................................................................... 163 Guidelines ....................................................................................................................... 164 Upgrading and Downgrading Considerations ................................................. 164 Displaying the Address Book ...................................................................................... 164 Managing the Address Book ....................................................................................... 165 Adding a New Participant ................................................................................... 165 Deleting a Participant ........................................................................................... 166 Copying or Moving a Participant ....................................................................... 166 Adding Participants to Conferences ................................................................... 167 Managing Groups in the Address Book ............................................................. 167 Adding Groups to Conferences ........................................................................... 169 Searching the Address Book ........................................................................................ 169 Obtaining the Display Name from the Address Book ..................................................... 170 Guidelines ....................................................................................................................... 170 Enabling and Disabling the Obtain Display Name from Address Book Feature 170 Interactive Video Forcing ..................................................................................................... 172 Guidelines ....................................................................................................................... 172 Dragging a Participant to the Video Layout Window ............................................. 173 Participant Connection Status ............................................................................................. 173 Guidelines ....................................................................................................................... 174 Customized Content Rate .................................................................................................... 174 Guidelines ............................................................................................................... 174 Selecting a Customized Content Rate ........................................................................ 175 Active Alarms Reduction ..................................................................................................... 177 Packet Loss Compensation (LPR and DBA) ...................................................................... 179

Polycom, Inc

v

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

CDR Changes ......................................................................................................................... 179 Multi-part CDR .............................................................................................................. 179 Guidelines ....................................................................................................................... 180 Accessing Multi-Part CDR Files .......................................................................... 180 New CDR Event 34 ........................................................................................................ 180 Gateway Redial ...................................................................................................................... 181 Guidelines ............................................................................................................... 181 Redial on Wrong Number ............................................................................................ 181 Wrong Destination Number ................................................................................. 182 Wrong Destination Number Time-out ............................................................... 182 Disconnect on Busy ........................................................................................................ 183 Disconnect on No Answer ............................................................................................ 183 Disconnect on Wrong Number .................................................................................... 183 New IVR Messages ........................................................................................................ 183 H.323 & SIP Protocol Flag Options ..................................................................................... 184 H.323 & SIP Flag Settings ............................................................................................. 184 Flag name: SIP_TIMERS_SET_INDEX ............................................................... 184 Flag name: H323_TIMERS_SET_INDEX ............................................................ 185 Flag name: DISABLE_DUMMY_REGISTRATION .......................................... 185 New Euro ISDN Switch Type .............................................................................................. 186 CDR Changes ......................................................................................................................... 186 CDR List Additions ....................................................................................................... 186 Unformatted CDR Files - GMT Offset ........................................................................ 187 Changes to the Management Network Dialog Box .......................................................... 188 RMX Manager - MCU Auto Reconnection ........................................................................ 189

Corrections and Known Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190 Corrections Between Version 7.5.2.J and Version 8.1.4.J ................................................. 190 Version 8.1.4.J - System Limitations ................................................................................... 214

Troubleshooting Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255 RMX Web Client Installation - Troubleshooting Instructions ......................................... 255 Procedure 1: Ending all Internet Explorer Sessions .................................................. 256 Procedure 2: Deleting the Temporary Internet Files, RMX Cookie and RMX Object ............................................................................................................. 256 Deleting the Temporary Internet Files ................................................................ 257 Deleting the RMX/Collaboration Server Cookie .............................................. 259 Deleting the RMX/Collaboration Server ActiveX Object ................................ 260 Procedure 3: Managing Add-ons Collisions .............................................................. 261 Procedure 4: Add the Collaboration Server to the Internet Explorer Trusted Sites List ............................................................................................................ 262 Procedure 5: Browser Hosting Controls (Optional) .................................................. 264

vi

Polycom, Inc

Version 8.1.4.J - New Security Features

Version 8.1.4.J - New Security Features Table 1

New Security Features

#

Category

Feature Name

1

Security

MLPP (Multi Level Precedence and Preemption)

Precedence is the method by which a call is assigned a priority level. The RMX supports two separately defined and configurable Precedence Domains.

2

Security

IEEE 802.1X Authentication

Provides enhanced security of wireless local area networks that follow the IEEE 802.11 standard.

3

Security

White List Access

Provides for enhanced security of web access to the RMX, by using a White List containing the addresses of all IP devices permitted to connect to the RMX.

4

Security

NTP

Beginning with this version, the RMX will use only the RTM-IP card as the NTP client to the NTP server. The clock setting can be maintained by the battery on the RTM-IP card in the event of system restart or shutdown. In previous versions both the RMX CPU and the RTM-IP card were clock sources. Support has been added for IPv6 addressing and depending on the RMX’s selected IP addressing mode, both IPv4 and IPv6 addressing modes can be used.

5

Security

Alternative Network Address Types (ANAT)

Alternative Network Address Types (ANAT) is supported allowing a mixture of IPv4 and IPv6 addressing to be specified by the Session Description Protocol (SDP).

6

Security

Support of Previously Blocked Features

The following previously blocked features are supported: • SIP

Description

• • • • •

SIP TLS SIP Digest SNMP Recording Link AS SIP Content is supported.

7

Security

DNS per IP Network Service

A DNS can be defined for each IP Network Service defined.

8

Security

Internet Control Message Protocol (ICMP)

The following System Flags have been added to enable the administrator to control ICMP Redirect and Destination Unreachable messages: • ENABLE_ACCEPTING_ICMP_REDIRECT

•

Polycom, Inc.

ENABLE_SENDING_ICMP_DESTINATION_UNREACHABLE

1

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Table 1

New Security Features

#

Category

Feature Name

9

Security

New Flag: SIP_TCP_TLS_TIM ERS

Description Determines the timeout characteristics of SIP TCP TLS connections. Format:: SIP_TCP_TLS_TIMERS = The string contains the following parameters: Ct - Timeout of TCP CONNECT operation (seconds) Cs - Timeout of TLS CONNECT operation (seconds) A - Timeout of accept operation (seconds) D - Timeout of disconnect operation (nanoseconds) H - Timeout of handshake operation (seconds) Default:

(Module: CS)

10

Interoperability: Redcom

New Flags: REDUCE_CAPS_FO R_REDCOM_SIP

To accommodate deployments where some devices have limits on the size of the SDP payload in SIP messages (such as LSCs from Redcom running older software versions), when the flag value = YES, the SDP size is less than 2kb and includes only one audio and one video media line. Default: NO

11

Interoperability: Redcom

SIP_FORMAT_GW_ HEADERS_FOR_RE DCOM

Controls whether the RMX adds special gateway prefix and postfix characters to the user portion of the SIP URI expressed in the “From” and “Contact” headers of SIP messages sent during calls involving Gateway Services. The addition of these characters can result in call failures with some SIP call servers. It is recommended to set this flag to YES whenever the RMX is deployed such that it registers its conferences to a SIP call server. Range: YES, NO Default: NO

Version 8.1.4.J - Changes to Existing Security Features Table 2

2

Changes to Existing Security Features

#

Category

Feature Name

1

Security

ULTRA_SECURE_ MODE System Flag

Description From Version 8.1.4.J this System Flag is hidden. It was visible in all previous versions, up to and including Version 7.8. The flag must be manually added to the System Configuration before its value can be modified.

Polycom, Inc.

Version 8.1.4.J - Changes to Existing Security Features

Table 2

Changes to Existing Security Features

#

Category

Feature Name

2

Security

SIP TLS Encryption Key Length

Description TLS certificates can be generated using the following methods: CSR, PFX and PEM. Encryption Key length (bits): • SIP Signaling:

• • • Security

Additional Certificate Fields

5

Security

Security

Password Encryption Migration from SHA-1 to SHA-256

PKI

CSR - 2048 (Generated by RMX)

•

Subject Alternative Name (SAN): Allows the optional inclusion of Domain Name (of the 802.1X Authentication Server), FQDN, Short DNS, or IP Address information during certificate creation.

•

Hash Method: Allows the selection of the output value for the Secure Hash Algorithm.

• • 4

PFX / PEM - 1024 or 2048 (Generated by User)

Management / LDAP:

• 3

CSR - 2048 (Generated by RMX)

SHA-256 the output value is 256 bits. SHA-1 the output value is 160 bits.

Beginning with this version, SHA-256 (Secure Hash Algorithm) becomes mandatory for: • Application login passwords.

• •

Linux operating system passwords CSRs (Certificate Signing Requests)

The PKI feature set has been enhanced and expanded to include: • Option to disable PKI in Ultra Secure Mode (Certificate Validation Option)

• •

Online Certificate Status Protocol (OCSP) PKI Self-signed Certificate

6

Security

SIP TCP Keep-Alive

The NAT Keep Alive method has been enhanced according to IETF RFC 5626 and RFC 6223.

7

Security

Media Encryption and Authentication

In compliance with UC_APL_SEC_0013, the RMX supports an additional Privacy Protocol the AES_CM_128_HMAC_SHA1_32, in addition to AES_CM_128_HMAC_SHA1_80

8

General

SNMP

SNMP enables managing and monitoring of the MCU status by external managing systems, such as HP OpenView or through web applications.

Polycom, Inc.

3

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Version 8.1.4.J - New Features Table 3

New Features

#

Category

Feature Name

1.

Video

New Video Resolution 1080p 60

This version adds the option of HD1080p resolution at 60 fps for improved resolution of motion video.

2

Conferencing

Layout Overlays

Layout Overlays allow additional participant endpoints to be displayed in 1x1 conference Video Layouts.

3

Conferencing

Non-encrypted Conference Message

When mixing encrypted and non-encrypted endpoints in a conference using the “Encrypt When Possible” encryption option in the Conference Profile the encryption status of the conference can change as encrypted and non encrypted participants connect and disconnect.

4

Conferencing

Multiple Cascading Links

This version adds support for Multiple Cascade Links between RMXs hosting conferences that include Immersive Telepresence Rooms (ITP) such as Polycom’s OTX and RPX Room Systems.

5

Conferencing

Speaker Change Threshold

The amount of time a participant must speak continuously until becoming the speaker is now configurable.

6

Conferencing

Exclusive Content Mode

Exclusive Content Mode allows the administrator to limit Content broadcasting to one participant, preventing other participants from interrupting the Content broadcasting while it is active.

7

Conferencing

FECC Control

FECC can be enabled and disabled for individual conferences in the Conference Profile.

8

Conferencing

Mute Participants Except Lecturer

All participants in the conference except for the lecturer can be automatically muted upon connection to the conference, preventing interruption of the lecture, accidentally or by participants with noisy connections.

9

Conferencing

Network Quality Indication

A Network Quality Indicator is displayed for each participant in the CP layout indicating the quality of the participants’ video channels.

10

Conferencing

Content at HD1080p Resolution

Endpoints that support H.264 can now receive H.239 Content at the following resolutions: • HD720p at 30fps

Description

• 11

4

General

System Flag - SIP RTCP Flow Control

HD1080p at 15fps

You can modify the TMMBR parameter (Temporary Maximum Media Stream Bit Rate) by adding the following flags: RTCP_FLOW_CONTROL_TMMBR_ENABLE Enables/disables the SIP RTCP flow control parameter. Default: YES RTCP_FLOW_CONTROL_TMMBR_INTERVAL System Flag and setting its value as required. Range: 5 - 999 (seconds) Default: 180

Polycom, Inc.

Version 8.1.4.J - New Features

Table 3

New Features (Continued)

#

Category

Feature Name

12

General

System Flag - SIP RTCP_FIR_ENABLE

RTCP_FIR_ENABLE When set to YES, the Full Intra Request (FIR) is sent as INFO (and not RTCP). Default = YES

13

General

Exporting and Importing Conference Templates

Conference Templates can be exported from one MCU and imported to multiple MCUs in your environment. Additionally, you can export Conference Templates and their associated Conference Profiles simultaneously.

14

General

Exporting and Importing Conference Profiles

Conference Profiles can be exported from one MCU and imported to multiple MCUs in your environment, enabling you to copy the Conference Profiles definitions to other systems.

15

General

Exporting and Importing System Configuration files

System Flags can be exported from one MCU and imported to multiple MCUs in your environment.

16

General

Managing Noisy Content

The system can identify participants who send frequent requests to refresh their content display, subsequently causing the content display of the conference to refresh and degrade the viewing quality. These participants are tagged as noisy content participants. The system can identify participants who send frequent requests to refresh their Content display, subsequently causing the Content display of the conference to refresh and degrade the viewing quality. These participants are tagged as Noisy Content participants. This process is controlled by the following system flags: • MAX_INTRA_REQUESTS_PER_INTERVAL_CONTENT

Description

• •

MAX_INTRA_SUPPRESSION_DURATION_IN_SECONDS_CONTENT CONTENT_SPEAKER_INTRA_SUPPRESSION_IN_SECONDS

17

General/IP

Direct IP dialing

For RMXs registered to a gatekeeper, the RMX can be configured to dial and receive calls to and from H.323 endpoints using the IP address in the event that the Gatekeeper is not functioning.

18

Partners: Microsoft Certification

Lync 2013 Client Support

The RMX interoperability level with Lync 2013 is identical to Lync 2010. The following supported Lync 2010 feature set is supported with Lync 2013: • RTV

• • • • • • • 19

Partners: POCN

Polycom, Inc.

Collaboration with Microsoft and Cisco

FEC support ICE over TCP Media over TCP Network Error Recovery SIP Dialog Recovery Additional meeting room presence mode Connecting an RMX meeting room to an AV-MCU conferences

The POCN solution, enables Polycom, Microsoft and Cisco users, each within their own environment, to participate in the same conference running on an RMX.

5

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Table 3

6

New Features (Continued)

#

Category

Feature Name

20

Partners; Avaya, Redcom, NEC-Sphere

LSC Interoperability

Basic SIP proxy / server interoperability is supported for Local Session Controllers.

21

Network

NAT (Network Address Translation) Traversal

NAT Traversal is a set of techniques enabling participants behind firewalls to use Session Border Controllers (SBC) to connect to conferences, hosted on the RMX, remotely using the internet. This version includes support for an additional Business to Business Connection.

22

Network

BFCP Over UDP

•

BFCP over UDP improves interoperability with SIP Clients that share Content using this protocol.

•

AS SIP Content is supported

Description

23

Network

ICE - Multiple Network Services

One Network Service including ICE can be configured per media card installed in the RMX.

24

Management

Troubleshooting

If a Browser Environment Error occurs, the user is given the options of running the Automatic Troubleshooting Utility or performing the Troubleshooting Procedures manually.

Polycom, Inc.

Version 8.1.4.J - Changes to Existing Features

Version 8.1.4.J - Changes to Existing Features Table 4

#

Changes to Existing Features (Continued) Category

Feature Name

Description

1

Conference

Address Book Multi-level Address Book

The RMX Address Book can be organized into a multi-level hierarchical structure. It can be used to mirror the organizational layout of the enterprises and it is especially suitable for large-scale enterprises with a considerable number of conference participants, organizational departments, and divisions.

2

Conference

Address Book Obtaining Display Name from the Address Book

The MCU can be configured to replace the name of the dial-in participant as defined in the endpoint (site name) with the name defined in the address book.

3

Conference

Interactive Video Forcing

Participants in ongoing conferences can be interactively forced to a Video Window in the conference layout by using Drag and Drop.

4

Conference

Participant Connection Status

The Participants list header displays real-time connection status information of Endpoints and Cascade Links in the selected conference.

5

Conferencing

Disconnect Last Invited Participant

A new DTMF code allows you to disconnect the last Invited Participant. The DTMF code is configurable: #72 is recommended.

6

Conferencing

Customized Content Rate

Customized Content Rate is an additional Content Setting that allows manual definition of the Conference Content Rate.

7

General

System Flags IVR

The following System Flags no longer require a system reset in order for flag changes to take effect: • IVR_MESSAGE_VOLUME

• • 8

General

Fast Configuration Wizard

General

Polycom, Inc.

Active Alarms Reduction

IVR_ROLL_CALL_VOLUME

Two additional dialog boxes in the Fast Configuration Wizard enable RMX Time and a new Administrator User (Default User replacement) to be defined. The two active alarms related to these system requirements are no longer displayed when setting up a new system. • RMX Time parameters are described in the RMX Administration and Utilities chapter section of the RealPresence Collaboration Server (RMX) 1500/2000/4000 Administrator’s Guide.

•

9

IVR_MUSIC_VOLUME

Default User deletion and replacement are described an the end of the Fast Configuration Wizard section in the RealPresence Collaboration Server (RMX) 1500/2000/4000 Getting Started Guide.

Several of the Active Alarms have been moved to the Faults List, reducing the number of Active Alarms generated by the RMX.

7

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Table 4

#

Changes to Existing Features (Continued) Category

Feature Name

Description

10

General

Reduced Logger Messages

Process improvements have been made to the log file output and a reduction in the logger messages has been implemented. Messages have been reduced by condensing the number of messages, and log message texts have been revised.

11

General

Conference IVR Service

A new message type, Blip on Cascade Link, was added to the Conference IVR Service - General dialog box. The message/tone *.wav file assigned to this message type is played when the link to the cascaded conference is connected successfully.

12

General

RMX Support for Microsoft Lync 2013 Clients

The RMX interoperability level with Lync 2013 is the same as the interoperability level with Lync 2010.

13

General

Packet Loss Compensation (LPR and DBA)

The LPR (Lost Packet Recovery) check box in the New Profile - Advanced and Profile Properties - Advanced dialog boxes has been renamed Packet Loss Compensation (LPR and DBA).

14

General

Cascading Conferences

The RMX can be defined as Master on Level 1 and the MGC can be defined as Slave in levels 2 and 3.

15

General

CDR Changes: - Multi-part CDR - Event 34 - Additional Columns - Unformatted files

By default, the maximum CDR (Call Data Record) file size is limited to 1MB. When a CDR file reaches a size of 1MB the file is saved and further call data recording is stopped and the additional data is lost. The RMX can be configured to keep recording the data in multiple CDR file set of 1MB each. Multi-Part CDR ensures that conference call data from long duration or permanent conferences is recorded and not lost. A new event (34) was added to the CDR file. It includes information of the maximum line rate, maximum resolution and maximum frame rate used by H.323 or SIP participant during the conference. In the CDR List, two new fields have been added: • GMT Start Time

•

File Retrieved In unformatted CDR files the GMT Offset and GMT Offset Sign fields are now supported.

16

General

User Authorization Level

A new User Authorization Level, Administrator - Read Only, has been added to this version.

17

General

RMX 1500Q Video/Voice Port Configuration (Slider) Change

On the RMX 1500Q, when a video license of 25 ports is purchased, the Video/ Voice Port Configuration (Slider) uses a different formula based on the license information to calculate the conversion ratio between audio and video ports.

18

Network

Gateway Redial

Additional Redial options and IVR messages have been included for Gateway Calls to numbers that are wrong, adding functionality to the RMX’s Gateway capabilities when used in conjunction with communication servers (H.323, SIP, ISDN) such as Polycom’s CMA and DMA.

19

Network

SIP Digest

SIP digest now supports the following methods: SERVICE - for edge server credentials and for publishing presence.

• •

8

REFER - in call transfer.

Polycom, Inc.

Version 8.1.4.J - Changes to Existing Features

Table 4

#

Changes to Existing Features (Continued) Category

Feature Name

20

Network

SIP Registration

RMX’s registering to SIP servers, when SIP registration is not enabled in the conference profile, will each register with an URL derived from its own signaling address. This unique URL replaces the non-unique URL, dummy_tester, used by all RMXs in previous versions.

21

Network

Changes to the Management Network dialog box

The Secured Communications check box has been moved to the Management Network - Security tab from the Management Network - IP tab. In the Management Network - Security dialog box, the Request Peer Certificate check box has been renamed to Skip certificate validation for user logging session.

22

Network

New Euro ISDN Switch type

A new T1 Switch Type has been added: EURO ISDN for Taiwan.

23

Network

Set Default ISDN/ PSTN Network

In the ISDN/PSTN Network Services pane, the Set Default ISDN/ PSTN Network Services icon has been changed to the following:

24

Network

Default flag value: LAN_REDUNDA NCY

The default value of the LAN_REDUNDANCY System Flag has been changed to NO. If the flag value is set to YES and either of the LAN connections (LAN1 or LAN2) experiences a problem, an active alarm is raised stating that there is no LAN connection, specifying both the card and port number.

25

Partners

IBM

For IBM SameTime Unified Telephony Lite (SUT) clients, RTCP-FB replaces the use of SIP INFO messages when the RMX issues an INTRA request or other flow control commands to change the video rate.

26

Partners

Microsoft

Registration with Presence has increased up to 100 conferencing entities to a single SIP Server.

27

RMX Manager

Add MCU Dialog Box

Auto Reconnection options have been added to the Add MCU dialog box.

28

System Configuration

New flag for KeepAlive Requests interval

The flag CPU_TCP_KEEP_INTERVAL_SECONDS was added to the system configuration. This flag indicates the interval in seconds between the KeepAlive requests. Default value: 75 seconds. Range: 10-720 seconds.

29

System Configuration

New flag for clock drift

The flag MUX_DATA_FLUSHING_FREQUENCY was added to the system configuration. This flag indicates the number of additional data flushes to be performed. Default value: 2 Range: 0-6 This is for use when the RMX has a clock drift from external ISDN clock source (ISDN switch). The threshold for the drift is 20 milliseconds per 30 second interval. If clock drift is detected, depending on the flag value, the RMX performs additional data flushes to the external MUX in each 30 second interval in order to avoid losing synchronization, avoiding disconnection, video freezes or breaks in audio.

Polycom, Inc.

Description

9

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Table 4

#

Changes to Existing Features (Continued) Category

Feature Name

30

System Configuration

New flag for KeepAlive Request

The flag CPU_TCP_KEEP_ALIVE_TIME_SECONDS was added to the system configuration. This flag indicates when to send the first KeepAlive indication to check the TCP connection. Default value: 7200 seconds (120 minutes) Range: 600-18000 seconds When there are NAT problems, this default may be too long and the TCP connection is lost. In such a case, the default value should be changed to 3600 seconds (60 minutes) or less.

31

System Configuration

Flag Name Change

The MAX_CONF_PASSWORD_REPEATED_CHAR System Flag has been renamed to MAX_CONF_PASSWORD_REPEATED_DIGITS

32

Video

Video Preview

H.264 High Profile is supported with Video Preview.

33

Video

Content - Legacy Endpoints

The Send Content to Legacy Endpoints check box has been moved to the Profiles - Video Quality tab from the Profiles - Video Settings tab.

10

Description

Polycom, Inc.

Version 8.1.4.J - Interoperability

Version 8.1.4.J - Interoperability Devices The following table lists the devices with which Version 8.1.4.J was tested. Table 2-1

Version 7.7 Device Interoperability Table

Device

Version

Gatekeepers/Proxies Polycom Netgear WGR614 (VBP AP and H460)

V11.2.x

Polycom VBP5300 E/ST

V11.2.x

Polycom CMA

6.2.0.ER22

Polycom RealPresence Resource Manager (XMA)

7.3.0,7.1.1

Polycom PathNavigator Polycom SE200 Polycom RMX Gateway

8.1.6

Cisco (Tandberg) VCS

X7.2.2

Cisco (Tandberg) Gatekeeper

N6.1

Cisco (Tandberg) Gateway

G3.2

Cisco 3241 Gateway

2.1(1.43)p

Cisco 3745 Gatekeeper Radvision ECS gatekeeper

7.1.2.12

Radvision Scopia P10 Gateway

5.7.2.0.25

Microsoft OCS Server Microsoft Lync Server

4.0.7577.183 (CU5version)

Microsoft Lync Server W15

Lync Server 2013- 5.0.8308.0

Broadsoft Proxy

R18SP1

Vidyo GW RPAD

2.1

Recorder

Polycom, Inc.

Polycom RSS 2000

8.5

Polycom RSS 4000

8.5

11

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Table 2-1

Version 7.7 Device Interoperability Table (Continued)

Device

Version

MCUs, Call Managers Network Devices and Add ins Polycom MGC 25/50/100 and MGC+50/100

9.0.4.3

Polycom RMX 1000

2.1.2

Polycom DMA 7000

6.0.2

LifeSize MCU BlueJeans MCU Radvision Scopia Elite Avaya Communication MGR

R016x.02.0.823.0 Patch 20199

Avaya Aura Session Manager

V6.3.0.0.630039

Avaya Aura Communication Manager as Evolution Server

R016x.02.0.823.0 Patch 20199

Cisco Call Manager

9.0/9.1

Cisco (Tandberg) Codian 4505 MCU

4.4(3.49)

Cisco Telepresence Server IBM WebSphere Application Server

7.0.0.15 (Network Deployment) plus required WebSphere iFixes.

Siemens Server

V7.00.01.ALL.07_PS0010.E11

Acme Packets SBC

SBC ACME Net-Net 3820 Firmware SCX6.2.0 MR-8 Patch 4 (Build 1005)

Endpoints

12

Polycom HDX Family

3.1.1.3, 3.1.2

Polycom GS Family

4.1.1

Polycom Telepresence (ITP) Systems

3.1.1.3, 3.1.2

Polycom VSX and V-Series Family

9.0.6.2

Polycom Viewstation Family

7.5.4 or higher

Polycom Viewstation FX/EX/4000

6.0.5 or higher

Polycom CMA Desktop

5.2.4

Polycom CMA Desktop for MAC

5.2.4

Polycom QDX6000

4.0.3

Polycom Real Presence Desktop

3

Polycom RealPresence Mobile iPad

3

Polycom, Inc.

Version 8.1.4.J - Interoperability

Table 2-1

Version 7.7 Device Interoperability Table (Continued)

Device

Version

Polycom RealPresence Mobile Android

3

Polycom m100

1.0.5

Polycom VVX1500

4.0.4

Polycom VVX500

4.1.3

Polycom VVX600

4.1.3

Polycom PVX

8.0.16

Polycom iPower 9000

6.2.x

Polycom Sound Point 601 SIP

3.1.7

Polycom SoundPoint 650 SIP

4.0.3

Polycom SoundStation IP4000 SIP

3.1.7

Polycom SoundStation IP7000

4.0.3

Polycom HDX Touch Controller

1.7

Avaya IP Softphone

Polycom, Inc.

Avaya one-X Communicator

v6.1.8.06-SP8-40314

Avaya 1000 series endpoint

v4_8_3_24

Avaya Desktop Video endpoint

v 1.1.2.020002

LifeSize Desktop client

2.0.2.191

LifeSize Express 220

4.11.13

LifeSize Passport

4.11.13

LifeSize Room

4.7.22

LifeSize Team 200

4.7.22

LifeSize Team 220

4.11.13

Cisco (Tandberg) 150 MXP

L6.1

Cisco (Tandberg) 1700 MXP

F9.3.1

Cisco (Tandberg) 6000 MXP

F9.3.1

Cisco (Tandberg) Edge95 MXP

F9.3.1

Cisco (Tandberg) 6000 B

B10.3

Cisco (Tandberg) 6000 E

E5.3

Cisco C20

6.0.1, 6.1.1

Cisco C90

6.0.1, 6.1.1

Cisco C60

5.1

13

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Table 2-1

Version 7.7 Device Interoperability Table (Continued)

Device

Version

Cisco E20

4.1.2

Cisco EX90

6.0.1, 6.1.1

Cisco SX20

6.0.1, 6.1.1

Cisco CTS3010 (Telepresence)

1.9.3/1.10.1

Cisco CTS1300 (Telepresence)

1.8.1/1.9.3

Cisco CTS500 (Telepresence)

1.8.1

Radvision Scopia XT1000

2.5.416

Radvision Scopia XT5000

3.1.1.37

Aethra X7

12.1.7

Sony PCS –1

3.42

Sony PCS –G50

2.72

Sony PCS –TL50

2.42

Sony PCS-G90

2.22

Sony PCS-XG80

2.36

CSS Server

1.1.0.504

Addon client

1.1.0.37260

Microsoft OC client R2

14

Microsoft Lync 15 client

15.0.4420.1017

Microsoft Lync 14 client

4.0.7577.4356

Siemens Client

V7R0.0.6

Siemens OpenStage Desktop Voice

V3_R1_31_0

IBM DB2 Database Server

9.7

IBM Lotus Domino® Enterprise Server

V8.5.2

IBM Lotus Notes client

V8.5.2

IBM Lotus Sametime Media Manager

V8.5.2 IFR 1

IBM Lotus Sametime System Console

V8.5.2 IFR 1

IBM Lotus Sametime Community Server

V8.5.2 IFR 1

IBM Lotus Sametime Proxy Server

V8.5.2 IFR 1

IBM Lotus Sametime Meeting Server

V8.5.2 IFR 1

Polycom, Inc.

Version 8.1.4.J - Interoperability

For more information about partner product interoperability, refer to the partner deployment guides.

Polycom RMX and Avaya Interoperability For questions and support on the Polycom - Avaya integrated solution, please contact your Avaya Authorized Service Provider.

Polycom RMX 4000, RMX 2000 and RMX 1500 can call and receive calls with current generally available versions of Avaya one-X Communicator H.323 video soft clients (R5.2) on Aura Communication Manager R5.2.1, R6.0, and R6.1.

RMX Web Client The following table lists the environments (Web Browsers and Operating Systems) with which the RMX Web Client was tested. Table 3

Version 7.0 Environment Interoperability Table

Web Browser Internet Explorer 7 Internet Explorer 8 Internet Explorer 9

Operating System Windows XP™ Windows Vista™ Windows 7, Windows 8

For single core cpu workstations: It is not recommended to run RMX Web Client and Polycom CMAD applications simultaneously on the same workstation.

Windows 7™ Security Settings If Windows 7 is installed on the workstation, Protected Mode must be disabled before downloading the software to the workstation. To disable Protected Mode: 1 In the Internet Options dialog box, click the Security tab.

Polycom, Inc.

15

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

The Security tab is displayed.

16

Polycom, Inc.

Version 8.1.4.J - Interoperability

2

Clear the Enable Protected Mode check box for each of the following tabs: — Internet — Local intranet — Trusted sites

3

After successful connection to RMX, the Enable Protected Mode check boxes can be selected to enable Protected Mode for the following tabs: — Internet — Local intranet

Internet Explorer 8 Configuration When using Internet Explorer 8 to run the RP Collaboration Server Web Client or RMX Manager applications, it is important to configure the browser according to the following procedure. To configure Internet Explorer 8: 1 Close all browsers running on the workstation. 2

Polycom, Inc.

Use the Windows Task Manager to verify that no iexplore.exe processes are running on the workstation. If any processes are found, use the End Task button to end them.

17

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

3

Open Internet Explorer but do not connect to the MCU.

4

In the Internet Explorer menu bar select Tools >> Internet Options. The Internet Options dialog box is displayed with General tab open.

5

In the Browsing history section, click the Delete button. The Delete Browsing History dialog box is displayed.

18

6

Select the Temporary Internet files and Cookies check boxes.

7

Click the Delete button.

8

The Delete Browsing History dialog box closes and the files are deleted.

9

In the Internet Options dialog box, click the Settings button.

Polycom, Inc.

Version 8.1.4.J - Interoperability

The Temporary Internet Files and History Settings dialog box is displayed.

10 Click the View objects button. The Downloaded Program Files folder containing the installed Program Files is displayed.

11 Select the EMAClassLoader.dll file and press the Delete key on the workstation or right-click the EMA.ClassLoader.dll file and then click Delete. 12 Close the Downloaded Program Files folder and the Temporary Internet Files and History Settings dialog box. 13 In the Internet Options dialog box, click the OK button to save the changes and close the dialog box.

Polycom, Inc.

19

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Polycom Solution Support Polycom Implementation and Maintenance services provide support for Polycom solution components only. Additional services for supported third-party Unified Communications (UC) environments integrated with Polycom solutions are available from Polycom Global Services and its certified Partners. These additional services will help customers successfully design, deploy, optimize and manage Polycom visual communications within their UC environments. Professional Services for Microsoft Integration is mandatory for Polycom Conferencing for Microsoft Outlook and Microsoft Office Communications Server integrations. For additional information and details please see http://www.polycom.com/services/ professional_services/index.html or contact your local Polycom representative.

20

Polycom, Inc.

Version 8.1.4.J - Upgrade Package Contents

Version 8.1.4.J - Upgrade Package Contents The Version 8.1.4.J upgrade package must be downloaded from the Polycom Resource Center and includes the following items: •

lan.cfg file

•

LanConfigUtility.exe

•

RMX Manager installation files

•

RMX Documentation

•

— RealPresence Collaboration Server (RMX) 1500/2000/4000 Version 8.1.4.J Release Notes — RealPresence Collaboration Server (RMX) 1500/2000/4000 Deployment Guide for Maximum Security Environments — RealPresence Collaboration Server (RMX) 1500/2000/4000 Administrator’s Guide — RealPresence Collaboration Server (RMX) 1500/2000/4000 Hardware Guides — RealPresence Collaboration Server (RMX) 1500/2000/4000 Quick Installation Booklets — Installation Quick Start Guide for RMX 1500/2000/4000 — RMX Third Party Licenses External DB Tools

•

— RMX 1500/2000/4000 External Database API Programmer’s Guide — Sample Scripts RMX XML API Kit Version 8.1 — — — — — — —

RMX 1500/2000/4000 XML API Version 8.1.0 Release Notes RMX 1500/2000/4000 XML API Overview RMX 1500/2000/4000 XML API Schema Reference Guide MGC to RMX XML API Conferencing Comparison Polycom XML Tracer User’s Guide XML Schemas Polycom XML Tracer application

Where to Get the Latest Product Information To view the latest Polycom product documentation, visit the Support section of the Polycom website at http://support.polycom.com

Polycom, Inc.

21

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Upgrade Procedures Version 8.1.4.J does not support MPM+ cards. Only MPMx cards are supported. DO NOT upgrade to Version 8.1.4.J if MPM+ cards are installed in the RealPresence Collaboration Server (RMX) system. Contact Polycom Support for more information. If the upgrade process includes upgrading the Media cards, refer to the RealPresence Collaboration Server 2000/4000 MPMx Migration Procedure documentation.

Guidelines •

Ensure that the Control Unit memory size is at least 1024MB. If memory size is 512MB, DO NOT perform the upgrade procedure. Contact Polycom Support for more information. To check the MCU’s Memory size: In the RMX Web Client/RMX Manager go to Administration > System Information.

22

•

If Windows7™ is installed on the workstation, Protected Mode must be disabled before downloading the RealPresence Collaboration Server software to the workstation. For more information see "Windows 7™ Security Settings” on page 2-15.

•

To maximize conferencing performance, especially in high bit rate call environments, a 1 Gb connection is recommended for each LAN connection.

•

If the default POLYCOM user is defined in the RMX Web Client, an Active Alarm is created and the MCU status changes to MAJOR until a new Administrator user is created and the default user is deleted.

Polycom, Inc.

Upgrade Procedures

•

When upgrading from a version in which the Profiles dialog box did not include the Gathering Phase option: To enable the Gathering Phase in the existing Profiles, you must modify the Profiles assigned to these conferencing entities. For more information see the RealPresence Collaboration Server (RMX) 1500/2000/4000 Administrator’s Guide for Maximum Security Environments, “Gathering Settings”.

•

When upgrading from a version in which the Profiles dialog box did not include the SIP Registration option: To keep the conferencing entities registered with the SIP Server defined in the IP Network Service, registration must be enabled in the Profiles assigned to these conferencing entities. For more information see the RealPresence Collaboration Server (RMX) 1500/2000/4000 Administrator’s Guide for Maximum Security Environments, “Media Encryption”.

•

SHA-256 (Secure Hash Algorithm) Password Encryption - When upgrading to Version 8.1.4.J, user passwords will be hashed with SHA-256 on Login and SHA-1 hashed Login passwords will be deleted. New passwords are stored in SHA-256 format. The RMX configuration, including users and passwords, should be backed up before upgrading or downgrading. Table 2-10 summarizes the system behavior with regard to passwords and certificates when upgrading to or downgrading from this version. Table 2-1

Version Change - Password and Certificate Compatibility

Version Change Upgrade from old version to new version

Behavior Passwords

Certificates

On user login: All new-user passwords are hashed and saved using SHA-256.

The new version accepts certificates issued with SHA-1 hashing.

•

•

Existing user passwords remain saved using the SHA-1 signature, however:

•

On first login after the upgrade the SHA-1 hashed password is automatically replaced with SHA-256 hashed password. Note: After an upgrade to version 8.1.4.J there will be still passwords saved with the SHA-1 signature. In order not to rely on automatic password signature conversion and replacement, and to ensure that the system only has SHA-256 hashed passwords saved, the administrator should: Either: • Ensure that all the users login to the system at least once to ensure automatic replacement of SHA-1 hashed passwords with SHA-256 hashed passwords. Or: • Delete and recreate all users.

Polycom, Inc.

23

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Table 2-1

Version Change - Password and Certificate Compatibility (Continued)

Version Change Downgrade from new version to old version

Behavior Passwords

Certificates

Before the downgrade procedure begins, the administrator receives a popup warning message “Passwords will change to factory default would you like to proceed?” All users and SHA-256 hashed passwords are deleted. The administrator’s User Name and Password reverts to the Factory Default: POLYCOM / POLYCOM.

The old version accepts certificates issued with SHA-1 hashing. For certificates issued with SHA-256 hashing: • The administrator receives a popup warning message "TLS certificate will be deleted and the system will switch to non-secured connection, would you like to proceed?”

•

For each certificate that is hashed with SHA-256:

•

RMX Web Client / RMX Manager connections to the RMX are switched to non-secured mode.

•

LDAP services are changed from 636 to port 389.

•

SIP TLS sessions are changed to SIP UDP.

•

The certificate is deleted.

Although SVC Conferencing Mode options are available in Conference Profiles, it is advised that they not be used with Version 8.1.4.J.

Upgrade Paths to Version 8.1.4.J The upgrade options from previous versions to Version 8.1.4.J are summarized in Table 2-2. Table 2-2

Upgrade Paths to Version 8.1.4.J

Current Version

24

First Intermediate Upgrade

Second Intermediate Upgrade

New Version

Version

Version

Version

Key

Key

Key

7.5.1.J / 7.5.2.J

N/A

N/A

8.1.4.J

Yes

7.5.0.J

N/A

N/A

7.5.1.J

No

7.0.2

N/A

N/A

7.5.0.J

Yes

5.0.2

7.0.2

N/A

7.5.0.J

Yes

Yes

Polycom, Inc.

Upgrade Procedures

Table 2-2

Current Version 5.1

Upgrade Paths to Version 8.1.4.J First Intermediate Upgrade

Second Intermediate Upgrade

New Version

Version

Version

Version

5.0.2

Key Yes

7.0.2

Key Yes

7.5.0.J

Key Yes

Upgrading from Version 7.5.1.J / 7.5.2.J to Version 8.1.4.J.

Polycom, Inc.

1

Download the Version 8.1.4.J software from the Polycom Resource Center web site.

2

Obtain the Version 8.1.4.J Product Activation Key from the Polycom Resource Center web site. For more information, see the RealPresence Collaboration Server (RMX)1500/2000/ 4000 Deployment Guide for Maximum Security Environments, "Obtain Product Activation Key for the RMX” on page 1-25.

3

Backup the configuration file. For more information, see the RealPresence Collaboration Server (RMX) 1500/2000/4000 Administrators's Guide for Maximum Security Environments, “Software Management”.

4

Install MCU Software Version 8.1.4.J. On the RMX menu, click Administration> Software Management > Software Download.

5

Browse to the Install Path, selecting the Version 8.1.4.J.x.x.bin file in the folder where Version 8.1.4.J is saved and click Install.

25

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

The Install Software information box that the file Copying files is In progress.

•

When an incorrect or non viable version upgrade/downgrade is attempted, an alarm and fault are activated on the RMX.

Click OK. The RMX software installation procedure is aborted and a system alert activates in the Faults List as shown below.

•

During any upgrade or downgrade software version installation when the Safe Software Version Installation warning has been activated your current browser session will block any new installation attempt. As a workaround close and then re-open a new browser session, which will enable you to start a new software version installation.

At the end of the Coping Files process the system displays an indication that the software copying procedure is Done and a new Activation Key is required.

6

Click the OK button. The Product Activation dialog box is displayed with the serial number field completed.

7

26

In the Activation Key field, enter or paste the Product Activation Key obtained earlier and click the OK button.

Polycom, Inc.

Upgrade Procedures

At the end of the Product Activation process the system displays an indication that the Product Activation Key was successfully installed.

8

Click the OK button. The Install Software information box indicates that Software Loading is in progress.

A series of Active Alarms are displayed indicating the progress of the upgrade process.

The Install Software information box indicates that IPMC Burning is in progress.

A further series of Active Alarms are displayed indicating the progress of the upgrade process.

The upgrade procedure takes approximately 20 minutes. Sometimes, when updating the Version 8.1.4.J license key, the system displays the following active alarm:

Ignore this Active Alarm and complete this installation procedure.

Polycom, Inc.

27

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

A system message alert may appear, if so then click Next/Cancel.

Connection to the RealPresence Collaboration Server is terminated and you are prompted to reopen the browser.

9

Approximately 10 minutes after receiving this message, close and reopen the browser.

10 Enter the IP address of the RMX Control Unit in the browser’s address line and press Enter to reconnect to RealPresence Collaboration Server. If the browser displays a message indicating that it cannot display the requested page, close and reopen the browser and connect to the RealPresence Collaboration Server. The version number in the Welcome screen has changed to 8.1.4.J. 11 In the RMX Web Client – Welcome screen, enter your User Name and Password and click Login. If the error “Browser environment error. Please close all the browser sessions” appears, close all the browser sessions, and reconnect to the RealPresence Collaboration Server. If the error message appears again, either run the automatic troubleshooter utility or manually preform the suggested troubleshooting procedures. For more details, see the RealPresence Collaboration Server (RMX)1500/2000/4000 Deployment Guide for Maximum Security Environments "Troubleshooting” on page A-1.

In the Main Screen an MCU State indicator displays a progress indicator showing the time remaining until the system start-up is complete. To use the new features such as Operator Assistance and Gateway Sessions the IVR Services must be updated. For more details, see “Additional/Optional System Updates After Upgrading” on page 36. The upgrade to Version 8.1.4.J is complete.

Upgrading from Version 7.5.0.J to Version 7.5.1.J.

28

1

Download the required software Version 7.5.1.J from the Polycom Resource Center web site.

2

Optional. If the system has Entry Queues and Meeting Rooms defined that are protected by Conference or Chairperson Passwords, in Ultra Secure Mode, that are less than 9 characters in length, increase these passwords to a length of at least 9 characters before continuing with the upgrade to Version 7.5.1.J.

Polycom, Inc.

Upgrade Procedures

3

Backup the configuration file. For more information, see the RealPresence Collaboration Server 1500/2000/4000 Administrator’s Guide for Maximum Security Environments, "Software Management” on page 17-71.

4

Install MCU Software Version 7.5.1.J On the RMX menu, click Administration> Software Management > Software Download.

5

Browse to the Install Path, selecting the Version 7.5.1x.bin file in the folder where Version 7.5.1.J is saved and click Install.

6

7

— The installation begins. At the end of the installation process the system displays an indication that the software was successfully downloaded. — The upgrade procedure begins. The upgrade takes about 30 minutes during which time an Active Alarm System Upgrade is displayed. The RealPresence Collaboration Server resets itself during the upgrade process and connection to the RMX Web Client may be lost. If the workstation is logged in to the RMX Web Client during the resets, the MCU State indicator at the bottom right corner of the RMX Web Client screen indicates STARTUP. After about 30 minutes, close and reopen the browser and connect to the RealPresence Collaboration Server. If the browser was not closed and reopened, the following error message is displayed: Browser environment error. Please reopen the browser. In the RMX Web Client – Welcome screen, enter your User Name and Password and click Login. In the Main Screen an MCU State indicator displays a progress indicator showing the time remaining until the system start-up is complete.

Upgrading from Version 7.0.2 to Version 7.5.0.J 1

Download the Version 7.5.0.J software from the Polycom Resource Center web site. If Windows7™ is installed on the workstation, Protected Mode must be disabled before downloading the Version 7.5.0.J software to the workstation. For more information see “Windows 7™ Security Settings” on page 15.

Polycom, Inc.

2

Obtain the Version 7.5.0.J Product Activation Key from the Polycom Resource Center web site.

3

Backup the configuration file.

4

Install MCU Software Version 7.5.0.J. On the RMX menu, click Administration> Software Management > Software Download.

5

Browse to the Install Path, selecting the Version 7.5.0.J.x.x.bin file in the folder where Version 7.5.0.J is saved and click Install.

29

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

The Install Software information box that the file Copying files is In progress.

At the end of the installation process the system displays an indication that the software copying procedure is Completed and that a new Activation Key is required. 6

Click the OK button.

7

On the RMX menu, click Setup > Product Activation. The Product Activation dialog box is displayed with the serial number field completed.

8

In the Activation Key field, enter or paste the Product Activation Key obtained earlier and click the OK button. At the end of the Product Activation process the system displays an indication that the Product Activation Key was successfully installed.

9

Click the OK button. The Install Software information box indicates that Software Loading is in progress.

A series of Active Alarms are displayed indicating the progress of the upgrade process.

The Install Software information box indicates that IPMC Burning is in progress.

30

Polycom, Inc.

Upgrade Procedures

A further series of Active Alarms are displayed indicating the progress of the upgrade process.

Sometimes, when updating the Version 7.x license key, the system displays the following active alarm:

Ignore this Active Alarm and complete this installation procedure.

The upgrade procedure takes approximately 20 minutes. Connection to the RealPresence Collaboration Server is terminated and you are prompted to reopen the browser.

10 Approximately 5 minutes after receiving this message, close and reopen the browser. 11 Enter the IP address of the RMX Control Unit in the browser’s address line and press Enter to reconnect to RealPresence Collaboration Server. If the browser displays a message indicating that it cannot display the requested page, close and reopen the browser and connect to the RMX.

12 In the RMX Web Client – Welcome screen, enter your User Name and Password and click Login.

Polycom, Inc.

31

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

In the Main Screen an MCU State indicator displays a progress indicator showing the time remaining until the system start-up is complete. •

If the default POLYCOM user is defined in the RMX Web Client, an Active Alarm is created and the MCU status changes to MAJOR until a new Administrator user is created and the default user is deleted.

•

If the upgrade process fails, please contact Polycom support.

To use the new features such as Operator Assistance and Gateway Sessions the IVR Services must be updated.

Upgrading from Version 5.0.2 to Version 7.5.0.J This upgrade requires an intermediate upgrade from Version 5.0.2 to Version 7.0.2 followed by an upgrade to Version 7.5.0.J.

Intermediate Upgrade from Version 5.0.2 to Version 7.0.2 1

Download the software Version 7.0.2 software from the Polycom Resource Center web site.

If Windows7™ is installed on the workstation, Protected Mode must be disabled before downloading the Version 7.0.2 software to the workstation. For more information see “Windows 7™ Security Settings” on page 15.

2

Obtain the Version 7.0.2 Product Activation Key from the Polycom Resource Center web site. For more information, see the RealPresence Collaboration Server (RMX)1500/2000/ 4000 Deployment Guide for Maximum Security Environments, "Download and Install the RMX Manager Onto a Workstation” on page 1-25.

3

Backup the configuration file. For more information, see the RealPresence Collaboration Server (RMX) 1500/2000/4000 Administrators's Guide for Maximum Security Environments, “Software Management”.

4

Install MCU Software Version 7.0.2. On the RMX menu, click Administration > Software Management > Software Download.

5

Browse to the Install Path, selecting the Version 7.0.2xx.bin file in the folder where Version 7.0.2. is saved and click Install. At the end of the installation process the Install Software dialog box indicates that the installed software is being checked. The system then displays an indication that the software was successfully downloaded and that a new activation key is required.

6

32

On the RMX menu, click Setup > Product Activation.

Polycom, Inc.

Upgrade Procedures

The Product Activation dialog box is displayed with the serial number field completed.

7

In the Activation Key field, enter or paste the Product Activation Key obtained earlier and click the OK button. At the end of the Product Activation process the system displays an indication that the Product Activation Key was successfully installed.

8

When prompted whether to reset the RealPresence Collaboration Server, click Yes to reset the RealPresence Collaboration Server.

Sometimes when upgrading from version 5.0.2 to version 7.0.x the reset process fails. In such a case, you can try to connect to the MCU via the Shelf Management and reset the MCU from the Hardware Monitor or you can “hard” reset the MCU by turning the Power off and on again.

9

When prompted to wait while the RealPresence Collaboration Server resets, click OK. The upgrade procedure takes approximately 30 minutes. Connection to the RealPresence Collaboration Server is terminated and you are prompted to reopen the browser.

10 After approximately 30 minutes close and reopen the browser. 11 Enter the IP address of the RMX Control Unit in the browser’s address line and press Enter to reconnect to RealPresence Collaboration Server. The browser displays a message indicating that it cannot display the requested page. 12 Refresh the browser periodically until connection to the RealPresence Collaboration Server is established and the Login screen is displayed. You may receive a message stating Browser environment error. Please reopen the browser.

13 Optional. Close and reopen the browser. 14 Enter the IP address of the RMX Control Unit in the browser’s address line and press Enter to reconnect to RealPresence Collaboration Server.

Polycom, Inc.

33

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

The Login screen is displayed. The version number has changed to 7.0.2.

Version Number

15 In the RMX Web Client – Welcome screen, enter your User Name and Password and click Login. In the Main Screen an MCU State indicator displays a progress indicator showing the time remaining until the system start-up is complete. •

If the default POLYCOM user is defined in the RMX Web Client, an Active Alarm is created and the MCU status changes to MAJOR until a new Administrator user is created and the default user is deleted.

•

If the upgrade process fails, please contact Polycom support.

Upgrade from Version 7.0.2 to Version 7.5.0.J >> Continue with the upgrade from Version 7.0.2 to Version 7.5.0.J as described starting on page 29.

Upgrading from Versions 5.1.0.G to Version 7.5.0.J This upgrade requires the following intermediate upgrade procedures followed by an upgrade to Version 7.5.0.J: 1

Upgrade from Version 5.1.0.G to Version 5.0.2.

2

Upgrade from Version 5.0.2 to Version 7.0.2.

Intermediate Upgrade from Version 5.1.0.G to Version 5.0.2 Ultra Secure Mode must be disabled before this upgrade can be performed.

1

Download the required software Version 5.0.2 from the Polycom Resource Center web site. If Windows7™ is installed on the workstation, Protected Mode must be disabled before downloading the Version 5.0.2 software to the workstation. For more information see “Windows 7™ Security Settings” on page 15.

34

Polycom, Inc.

Upgrade Procedures

2

Backup the configuration file. For more information, see the RealPresence Collaboration Server (RMX) 1500/2000/4000 Administrator’s Guide for Maximum Security Environments, "Software Management”.

3

Install MCU Software Version 5.0.2. On the RMX menu, click Administration> Software Management > Software Download.

4

Browse to the Install Path, selecting the Version 5.0.2xx.bin file in the folder where Version 5.0.2 is saved and click Install. At the end of the installation process the system displays an indication that the software was successfully downloaded and that a new activation key is required.

5

Click Close to close the Install Software dialog box.

6

When prompted whether to reset the MCU, click Yes to reset the MCU. At the end of the installation process the system displays an indication that the software was successfully downloaded. The upgrade procedure takes about 30 minutes during which time an Active Alarm System Upgrade is displayed. The RealPresence Collaboration Server resets itself during the upgrade process and connection to the RMX Web Client may be lost. If the workstation is logged in to the RMX Web Client during the resets, the MCU State indicator at the bottom right corner of the RMX Web Client screen indicates STARTUP.

7

After about 30 minutes, close and reopen the browser and connect to the RealPresence Collaboration Server. If the browser was not closed and reopened, the following error message is displayed: “Browser environment error. Please reopen the browser”. The version number in the Welcome screen has changed to 5.0.2.

Version Number

8

In the RMX Web Client – Welcome screen, enter your User Name and Password and click Login. In the Main Screen an MCU State indicator displays a progress indicator showing the time remaining until the system start-up is complete.

Intermediate Upgrade from Version 5.0.2 to Version 7.0.2 >> Continue with the upgrade from Version 5.0.2 to Version 7.0.2 as described starting on page 32.

Polycom, Inc.

35

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Upgrade from Version 7.0.2 to Version 7.5.0.J >> Continue with the upgrade from Version 7.0/7.0.1/7.0.2 to Version 7.5.0.J as described starting on page 29.

Additional/Optional System Updates After Upgrading IVR Services Update DTMF Codes added in versions later than the version being upgraded are not automatically added to the Conference IVR Service. These DTMF Codes must be added manually. To modify the Conference IVR Service: 1

In the IVR Services list, double-click the service to modify or right click the service and select Properties.

2

To add the gateway voice messages and dial tones, click the General tab and select the appropriate *.wav files.

3

To modify the DTMF codes, click the DTMF Codes tab.

4

Modify the DTMF codes as follows: Table 2-3

5

DTMF Code Changes (Continued)

Action

Existing DTMF Code

New DTMF Code

Enable Roll Call

*32

*42

Disable Roll Call

#32

#42

Roll Call Review Names

*33

*43

Roll Call Stop Review

#33

#43

Start/Resume Recording

*73

*3

Stop Recording

*74

*2

Pause Recording

*75

*1

Request Private Assistance

*0

Request Assistance for the conference

00

PCM (for ISDN participants only)

##

Invite Participant

*72

Disconnect Last Invited Participant

#72

To add the Operator Assistance options, click the Operator Assistance tab and select the appropriate options and messages.

For details on modifying the IVR Services, see the RealPresence Collaboration Server (RMX) 1500/2000/4000 Administrator’s Guide for Maximum Security Environments, "Defining a New Conference IVR Service”.

36

Polycom, Inc.

Upgrade Procedures

Media Encryption When upgrading from a version prior to 7.6.1 the ALLOW_NON_ENCRYPT_PARTY_IN_ENCRYPT_CONF System Flag is replaced by a value in the Conference Profile. Therefore, it is essential that the encryption settings of all existing conference Profiles are verified, and if necessary, modified to meet local encryption requirements through the new encryption options according to Table 3. Table 3

System Flag and Profile Settings in Version 7.6.1 and Earlier Encryption Setting Versions prior to 7.6.1

Parameter

Version 7.6.1 and Later

Value

Parameter

Value

Profile Encryption Setting

YES

Profile Encryption Setting

Encrypt All

Profile Encryption Setting

NO

Profile Encryption Setting

No Encryption

ALLOW_NON_ENCRYPT _PARTY_IN_ENCRYPT_ CONF=YES

FORCE_ENCRYPTION _FOR_UNDEFINED_P ARTICIPANT_IN_WHE N_AVAILABLE_MODE

YES

System Flag

DMA Compatibility If a Polycom DMA system is installed in the environment, the value of the flag, MAX_PASSWORD_REPEATED_CHAR, must be set to 4 to maintain compatibility between the RealPresence Collaboration Server and the DMA. For more details, see the RealPresence Collaboration Server 1500/2000/4000 Administrator’s Guide "Modifying System Flags” on page 1-1.

SHA-256 (Secure Hash Algorithm) Password Encryption When upgrading to Version 8.1.4.J, user passwords will be hashed with SHA-256 on Login and SHA-1 hashed Login passwords will be deleted. New passwords are stored in SHA-256 format. After an upgrade to version 8.1.4.J there will be still passwords saved with the SHA-1 signature. In order not to rely on automatic password signature conversion and replacement, and to ensure that the system only has SHA-256 hashed passwords saved, the administrator should either ensure that all the users login to the system at least once to ensure automatic replacement of SHA-1 hashed passwords with SHA-256 hashed passwords or delete and recreate all users.

Polycom, Inc.

37

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

DNS per IP Network Service The version includes support for a DNS to be configured for each IP Network Service that is defined. When upgrading from a version that does not support a DNS per IP Network Service, the DNS configured for the Management Network Service will be automatically be used in the IP Network Service. If required, modify the DNS settings in the IP Network Service Properties dialog box.

LAN Redundancy In this version the default value of the LAN_REDUNDANCY System Flag has been changed to NO. If LAN Redundancy is a system requirement, the LAN_REDUNDANCY System Flag must be added to system.cfg and its value set to YES. For more information see the RealPresence Collaboration Server 1500/2000/4000 Administrator’s Guide, "Manually Adding and Deleting System Flags” on page 22-18. If the flag value is set to YES and either of the LAN connections (LAN1 or LAN2) experiences a problem, an active alarm is raised stating that there is no LAN connection, specifying both the card and port number.

Troubleshooting If a Browser Environment Error occurs, close and re-open the browser. If the problem persists, you can either run the Automatic Troubleshooting Utility or perform the Troubleshooting Procedures manually.

For more information see “Troubleshooting Instructions” on page 255.

38

Polycom, Inc.

Upgrade Procedures

Upgrading the RMX Manager Application. The RMX Manager specific to version 8.1.4.J must be used.

The RMX Manager specific to version 8.1.4.J can be downloaded from the Support section of the Polycom website at http://www.polycom.com/forms/rmx-sw-fed-thankyou.html To upgrade the RMX Manager: 1 Back up the RMX Manager configuration. For more information, see the RealPresence Collaboration Server 1500/2000/4000 Administrator’s Guide, "Import/Export RMX Manager Configuration”.

Polycom, Inc.

2

Obtain the RMX Manager specific to Version 8.1.4.J from the Polycom Software Distribution website.

3

Install the RMX Manager on the workstation: a

Using Windows, navigate to the folder where the downloaded RMX Manager has been saved.

b

Double-click on the downloaded install file and follow the on-screen instructions to complete the installation.

4

When the install of the RMX Manager is completed, launch the RMX Manager using the Windows Start menu.)

5

Import the backed up MCUs list using the Import RMX Manager Configuration option. For more information, see the RealPresence Collaboration Server 1500/2000/4000 Administrator’s Guide, "Import/Export RMX Manager Configuration”.

6

Optional. If needed, add the MCU to the RMX Manager’s MCUs list. a

Right-click in the RMX Manager window.

b

Select Add MCU.

c

Enter the MCU Name.

d

Enter the IP Address of the MCU.

e

Leave the port as Port 80 until such time that the RMX is placed into Secure Mode.

39

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Version 8.1.4.J Detailed Description New Security Features MLPP (Multi Level Precedence and Preemption) In compliance with UC APL requirements, Quality of Service (QoS) can be more accurately modified to suit local needs with the addition of Multi Level Precedence and Preemption methods for call prioritizing and call handling. QoS is important when transmitting high bandwidth audio and video information. QoS can be measured and guaranteed in terms of: •

Latency

•

Low packet throughput

•

Average delay between packets

•

Jitter (variation in delay)

•

Transmission error rate

•

Order of packet delivery

Precedence is the method by which a call is assigned a priority level. The RMX supports two separately defined and configurable Domains, each having its own Precedence policy. For a full description of Precedence see IETF RFC 2474. One of the following Precedence Levels is assigned to all calls: Table 2-1

Precedence Levels

Highest Priority

FLASH-OVERRIDE-OVERRIDE (Classified Networks only) FLASH-OVERRIDE FLASH IMMEDIATE PRIORITY

Lowest Priority

ROUTINE

Conferences can have a mix of participants from different Precedence domains and network domains. Precedence is supported for both IPv4 and IPv6. Preemption is the method whereby, when system resources are insufficient, lower priority calls are terminated and their resources assigned to higher priority calls. Preemption is typically a function of network components such as the Local Session Controller (LSC). To the RMX, a preempted call appears as a disconnected call.

40

Polycom, Inc.

Version 8.1.4.J Detailed Description - New Security Features

Enabling Precedence Precedence is disabled by default. It is enabled by using the Setup > Precedence Settings menu to display the Precedence Settings dialog box. Precedence is enabled by selecting the Use Precedence check box.

See "Configuring and Modifying Precedence Domains and DSCP Values” on page 2-45. When Precedence is enabled, all other QoS system settings are overridden by the parameters sent in the SIP Message. For more information about QoS, see the RealPresence® Collaboration Server (RMX) 1500/2000/4000 Administrator’s Guide, "Network Services” on page 1-1.

SIP Message A SIP Message is a request or a response between network entities that communicate using the SIP protocol. The SIP Message header contains Precedence and Resource Priority (r-value) information and an optional Require tag for each call. For a full description of SIP Messages see IETF RFC 3261. For a full description of Resource Priority (DSCP) see IETF RFC 2474. For a full description of SIP r-priority see IETF RFC 4412.

Dial-in calls If the Use Precedence check box in Precedence Settings is selected: •

The RMX uses the information in the SIP Message header to match the call to a Precedence Domain and a Precedence Level. Table 2-2 summarizes of the default values. Table 2-2

Precedence Domain and Resource Priority - DSCP Default Values

Resource Priority

Polycom, Inc.

DSCP Value Precedence Level Audio

Video

9

FLASH-OVERRIDE-OVERRIDE

33 (0x21)

33 (0x21)

8

FLASH-OVERRIDE

33 (0x21)

33 (0x21)

41

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Table 2-2

Precedence Domain and Resource Priority - DSCP Default Values (Continued)

Resource Priority

DSCP Value Precedence Level Audio

Video

6

FLASH

35 (0x23)

35 (0x23)

4

IMMEDIATE

37 (0x25)

37 (0x25)

2

PRIORITY

39 (0x27)

39 (0x27)

0

ROUTINE

51 (0x33)

51 (0x33)

NONE

No Resource Priority header for backward compatibility

•

SIP Dial in participants, both defined and undefined, do not inherit Precedence or Domain characteristics from the Participant’s Address Book. (Additional fields, added to the Participant’s Properties - Advanced and Address Book - Advanced dialog boxes are used to enter and modify Precedence or Domain characteristics for SIP Dial-out participants.)

•

For backward compatibility, calls received with a SIP Message header that contains no Precedence Domain and the Resource Priority information, are assigned ROUTINE priority in the first defined Precedence Domain.

•

Incoming calls are accepted or rejected depending on the: — Value of the REJECT_INCORRECT_PRECEDENCE_DOMAIN_NAME System Flag. — Match or mismatch of the Precedence Domains, set in the RMX and contained in the incoming SIP Message r-value. • The r-value is of the following format: r-value = -. Table 2-3 shows an example of calls accepted or rejected assuming: — Domain Name — Sub Domain — r-priority = 2

42

= UC = 000000

Polycom, Inc.

Version 8.1.4.J Detailed Description - New Security Features

Table 2-3

Example - Call Acceptance by System Flag Value and Precedence Domain Matching Call Acceptance

Precedence Domain

RMX

Polycom, Inc.

Flag Value: REJECT_INCORRECT_PRECEDENCE_DOMAIN_NAME

Incoming SIP Message

UC

UC

UC

UC.00001

UC

UC.00002

UC-00000

UC-00000

UC-00000

UC-00001

UC-00000

UC

UC

UC00002

UC

UCC

UCC

UC

YES

NO (Default)

Call Accepted Call Accepted and assigned ROUTINE priority

Call Rejected

•

Rejected calls receive a 417 Error response.

•

If the Require tag is null, the call is connected and assigned ROUTINE priority in the first defined Precedence Domain

•

If the Use Precedence check box in Precedence Settings is cleared, the RMX will not reject such calls. The LSC is responsible for rejecting such calls.

43

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Dial-out calls For Dial-out calls, the SIP Message header information for the Precedence Domain and Resource Priority (r-priority) of the call is configurable. Additional fields in the Participant’s Properties - Advanced and Participant’s Address Book Advanced dialog box are used to modify these parameters: •

Precedence Domain Name

•

Precedence level

Precedence Level Change The Precedence Level of all calls can only be changed by the LSC sending a Re-Invite or similar SIP Message to the RMX.

44

Polycom, Inc.

Version 8.1.4.J Detailed Description - New Security Features

Configuring and Modifying Precedence Domains and DSCP Values The Precedence Domains and DSCP values for each Precedence Domain can be configured and modified per MCU. To configure Precedence Settings: 1 On the RMX menu, click Setup > Precedence Settings The Precedence Settings dialog box is displayed.

2

Optional: Modify the values if required. Table 2-4

Precedence Settings - Domains, Levels and DSCP Values

Field

Description

Use Precedence

Select or clear the check box to enable or disable Precedence. Default: Cleared (Precedence disabled)

Precedence Domain

Select the Precedence Domain to be modified, 1 or 2, from the drop-down menu. Possible Values: 1 / 2

Domain Name

Enter the required Domain Name.

Signaling DSCP

Modify the DSCP value of the Signaling DSCP. A single Signaling Proxy is used for all Precedence Levels. Default: 40 Range: 0 - 63

Level

r-priority, Audio DSCP and Video DSCP values can be modified for each of the six Precedence Levels: • ROUTINE

• • • • •

Polycom, Inc.

PRIORITY IMMEDIATE FLASH FLASH-OVERRIDE FLASH-OVERRIDE+

45

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Table 2-4

Precedence Settings - Domains, Levels and DSCP Values (Continued)

Field

Description

r-priority

Modify the r-priority value for the Level. Range: 0 - 255. Default: ROUTINE - 0, PRIORITY - 2, IMMEDIATE - 4, FLASH - 6, FLASH-OVERRIDE - 8, FLASH-OVERRIDE+ - 9

Audio/Video DSCP

Modify the DSCP value for the Audio/Video DSCP. Range: 0 - 63. Default: ROUTINE - 51, PRIORITY - 39, IMMEDIATE - 37, FLASH - 35, FLASH-OVERRIDE - 33, FLASH-OVERRIDE+ - 31

Click OK.

3

System Flags Changes to Existing Flags The default value of the following flags have been changed: Table 2-5

Flags - Old vs New Default Values

Flag name

Old Default Value (hex)

New Default Value (hex)

QOS_IP_VIDEO

0x88

0x31

QOS_IP_AUDIO

0x88

0x31

QOS_IP_SIGNALING

0x00

0x28

NO

YES

RTCP_QOS_IS_EQUAL_TO_RTP

New Flags The following System Flags must be added to system.cfg if their values are to be modified: •

•

QOS_MANAGEMENT_NETWORK - the overall hex value of the DiffServ field (not just the value of the DSCP portion) is used as the DSCP value for the RMX Management Network. — Default: 0x10 — Range: 0x00 - 0xFC REJECT_INCORRECT_PRECEDENCE_DOMAIN_NAME - see "Dial-in calls” on page 2-41 (above) for a description of this flag. — Default: NO — Range: YES / NO

46

Polycom, Inc.

Version 8.1.4.J Detailed Description - New Security Features

Monitoring Precedence Level The Precedence Level of each connected participant is listed in the Participants list pane.

IEEE 802.1X Authentication In compliance with UC APL requirements for enhanced security of wireless local area networks that follow the IEEE 802.11 standard, support for 802.1X Authentication has been included in this version. 802.1X Authentication requires that the RMX registers with a 802.1X Authentication Server and is supported on RMX 1500/2000/4000 The authentication protocol is applied to each the following Network Interface Controllers (NICs): •

Management

•

Signaling

•

Media

•

For RMX 2000, Network Separation must be implemented before configuring 802.1X Authentication.

•

802.1X Authentication is not supported in Microsoft environments.

The following 802.1X Authentication methods are supported: •

EAP-MD5

•

EAP-TLS

•

PEAPv0

•

MSCHAPv2

Certificate Repository Implementation of 802.1X Authentication requires a certificate, which is obtained from the Certificate Repository. •

Either one TLS certificate is retrieved for all IP services and their associated NICs, — If one certificate is retrieved for all NICs, the RMX will use the Management Certificate for all the NICs. or

•

A TLS certificate for each IP service and their associated NICs is retrieved from the Certificate Repository: — If several different TLS certificates are retrieved, each NIC will use the certificate of the service that it is associated with. • In a system configured with Multiple Network Services each IP service will use its own certificate.

Polycom, Inc.

47

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

•

A NIC that does not have its own certificate will first attempt to use the Management Certificate before using a self-signed certificate.

Enabling and Configuring 802.1X Authentication 802.1X Authentication for each NIC is enabled or disabled in the Setup > Ethernet Settings dialog box. The following additional table columns are used to modify these parameters: •

802.1X Authentication

•

User Name

•

Password

Modify the Ethernet Settings table fields as set out in Table 2-6: Table 2-6

802.1X Authentication - Configuration

Field 802.1x Authentication

Description For each NIC, click the arrow to open the drop-down menu and select (or disable) the 802.1X Authentication method: • Off

• • • •

48

EAP-MD5 EAP-TLS PEAPv0 MSCHAPv2

User Name

Enter the User name that the RMX will use to register with the 802.1X Authentication Server. This must be the RMX’s DNS name and can be up to 256 characters. Note: If the Domain Name (DC) field was completed in the Certificate Request, the User must be: @ as set out in the Certificate Request.

Password (EAP-MD5, PEAPv0 and MSCHAPv2 only)

Enter the Password, that the RMX will use to register with the 802.1X Authentication Server. Up to 256 Unicode characters can be used. The Password is always displayed as four asterisks.

Polycom, Inc.

Version 8.1.4.J Detailed Description - New Security Features

Enabling 802.1X Authentication can result in the RMX being disconnected from the network and a warning message is displayed:

System Flags The following system flags are used to manage the 802.1X Authentication process. They must be manually added to system.cfg if their default values need to be modified. Table 2-7

New Flags

Flag name 802_1X_CERTIFICATE_MODE

802_1X_SKIP_CERTIFICATE_VAL IDATION

Description Determines whether one TLS certificate is retrieved from the Certificate Repository for all IP services or if multiple certificates will be retrieved, one for each IP service. Range: ONE_CERTIFICATE, MULTIPLE_CERTIFICATE Default: ONE_CERTIFICATE. If the flag value is: YES - The retrieved certificate is not validated against the CA certificate.

• •

NO - The retrieved certificate is validated against the CA certificate. Validation failure raises an Active Alarm and is reported in the Ethernet Monitoring dialog box. Range: YES, NO. Default: YES. 802_FIPS_MODE

If the flag value is YES, the availability of the MD5 Authentication Protocol will neither be displayed as selectable option nor supported. Range: YES/NO. Default: NO

Disabling 802.1X Authentication Switching to http mode from https mode by inserting a USB key containing a file named RestoreFactorySecurityDefaults.txt into the RTM-IP USB port disables 802.1X functionality

Polycom, Inc.

49

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Ethernet Monitoring 802.1x Status is displayed in the Hardware Monitor - LAN List.

The following 802.1X Statuses are possible: •

Authenticated

•

Not Configured

•

Failed

The following 802.1X Failure reasons are possible: •

Bad Configuration

•

Link Status not Detected

White List Access In compliance with UC APL requirements for enhanced security of web access to the RMX, a White List containing the addresses of IP Networking Entities permitted to connect to the RMX’s Management Network is implemented - Networking Entities such as Network Hosts, Control Workstations, Gatekeepers SIP/ DNS Servers, etc.

Guidelines

50

•

Only administrators can access and modify the White List.

•

During First Time Installation and Configuration, when enabling the White List, the IP address of the workstation used to run the RMX Web Client is automatically added to the White List.

•

The last White List entry cannot be deleted to prevent lock out. Any attempt to enable an empty White List results in the display of an error message: WhiteList is empty please add IP’s to the list if you want to enable WhiteList.

•

Both IPv4 and IPv6 are supported.

•

Web access to the RMX for http and https is through ports 80 and 443 respectively.

•

The White List can hold up to 100 entries. An error message is displayed when exceeding this limit.

•

Access is blocked at the firewall for devices with IP addresses not listed in the White List.

•

The White List is saved during Backup, Restore and Upgrade processes.

•

Changes to the White List are written to the Auditor Event File.

•

Alterations to the White List do not require a system reset.

Polycom, Inc.

Version 8.1.4.J Detailed Description - New Security Features

Enabling, Disabling and Modifying the White List The use of White List in the environment can be enabled or disabled in the Management Network Service - White List dialog box. To enable, disable, view or modify the White List: 1 In the RMX Management pane, click the IP Network Services. The IP Network Services pane is displayed. 2

In the IP Network Services list pane, double-click the Management Network entry. The Management Network dialog box is displayed.

3

Click the WhiteList tab. The WhiteList dialog box is displayed.

4

— If there are no entries in the White List, it is disabled to prevent lock out. — If the White List is disabled none of the IP addresses in the list are displayed. — The Add and Remove buttons are only active if the Enable Whitelist check box is selected. Select the Enable Whitelist check box.

All IP addresses in the list are displayed and the Add and Remove buttons become active. 5

Polycom, Inc.

Modify the White List.

51

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Both IPv4 and IPv6 addresses are supported and the system will only allow an entry of the type of IP addresses for which the Management Network Service is configured according to Table 2-8. Table 2-8

IP Address Modes IP Address Modes

RMX

Workstation / Device IPv4

IPv4

IPv4 & IPv6 IPv6

IPv6

IPv4 & IPv6 IPv4

IPv4 & IPv6

IPv6 IPv4 & IPv6

— If the system changes its IP addressing mode (e.g. from IPv4 only to both IPv4 &6) while the White List is enabled, the White List is disabled and a message, White list has been disabled please reconfigure, is displayed. — IPv4 addresses can be added as a range by using the wildcard character, *, to substitute the 3rd and 4th dotted decimal numbers of the IP address, e.g. 11.10.*.* a To Add IP addresses: For each IP address to be added to the White List: i)

In the Add IP Address field enter an IP address to be added to the White List and click the Add button.

If an invalid IP address is entered, an error message is displayed and the administrator is prompted to enter a correct IP address. If a duplicate IP address is entered, a message: Duplicate IP’s are not allowed in WhiteList is displayed. ii) When all the IP addresses have been added, click OK. A message is displayed: Applying white list will limit RMX web access to the configured IP list, are you sure you want to continue? iii) Click Yes to apply the modified White List. b

To Remove IP addresses: For each IP address to be removed from the White List: i)

In the White List, click to select an IP address to be removed from the White List.

ii)

Click the Remove button.

ii)

When all the IP necessary addresses have been removed, click OK.

A message is displayed: Applying white list will limit RMX web access to the configured IP list, are you sure you want to continue? iii) Click Yes to apply the modified White List.

52

Polycom, Inc.

Version 8.1.4.J Detailed Description - New Security Features

Alternative Network Address Types (ANAT) In compliance with UC_APL_NET_0007 Alternative Network Address Types (ANAT) is supported. When the RMX is configured for IPv4 and IPv6 Addressing, the addition of the sdp-anat option tag in the SIP Require and SIP Supported headers allows a mixture of IPv4 and IPv6 addressing to be specified by the Session Description Protocol (SDP). For a full description of ANAT see IETF RFCs 4091 and 4092.

Guidelines •

BFCP over TCP is not supported in Ultra Secure Mode. It’s associated Content channel is not available.

•

BFCP over UDP is supported in Ultra Secure Mode.

•

If the RMX is configured for both IPv4 and IPv6, IPv4 addressing is given preference when establishing the connection.

•

If an Outbound Proxy is configured, its transport type is used.

•

If an Outbound Proxy is not configured, the SIP Server’s (Registrar) transport type is used. The Outbound Proxy and the SIP Server must be configured with one type only either according to the IP address type or according to the DNS Resolution type. However, if the RMX is configured for IPv4&IPv6 then the SIP Contact field will contain both IPv4 and IPv6 addresses.

System Flag The ANAT Protocol selection is controlled by the ANAT_IP_PROTOCOL System Flag. To modify it, manually add it to system.cfg and set its value as described in Table 2-9. Range: DISABLED, AUTO, PREFER_IPv4, PREFER_IPv6 Default: — If the ULTRA_SECURE_MODE System Flag is set to NO: DISABLED. — If the ULTRA_SECURE_MODE System Flag is set to YES: AUTO. Table 2-9

Polycom, Inc.

ANAT_IP_PROTOCOL System Flag Values for Dial in Dial out

Value

Behavior - Dial in and Dial out

DISABLED

sdp-anat does not appear in SIP headers and the SDP does not contain a mixture of IPv4 and IPv6. If an endpoint requests ANAT (sends the Require: sdp-anat tag) the RMX will accept the call.

AUTO

sdp-anat appears in SIP headers. Dial in: The IP Version preference is according to the SDP priority. Dial out: IPv4 is advertised first.

PREFER_IPv4

sdp-anat appears in SIP headers. Dial in: IPv4 is the IP Version preference. Dial out: IPv4 is advertised first.

PREFER_IPv6

sdp-anat appears in SIP headers. Dial in: IPv6 is the IP Version preference Dial out: IPv6 is advertised first.

53

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

BFCP Over UDP – AS-SIP Content In compliance with UCR 2008 Change 3, AS-SIP (Assured Services-Session Initiation Protocol) Content flow has been included in this version. AS-SIP is an implementation of SIP that utilizes SIP’s built in security features. When using AS-SIP Content, the media line of the content channel is not sent as part of the initial SDP Offer/Answer message sequence. The media line of the Content channel is only sent to the MCU when an endpoint wanting to share Content initiates Content sharing. The RMX (RMX) then sends the Content media line to all conference participants using an SDP Re-invite.

Guidelines •

AS-SIP Content is shared using Multiple Resolutions (Content Transcoding) and is not supported in any other Content sharing mode such as H.263 Content and H.264 Cascade and SVC Optimized Content Protocol.

•

Multiple Resolutions consumes system video resources. If sufficient system video resources are not available, a conference with AS-SIP Content enabled in its Profile, will not be created. An error: Conference could not be created due to lack of Content DSP resources, is displayed.

•

The SIP BFCP UDP application line is included in SDP Offer/Answer message sequence.

•

An endpoint declaring SIP BFCP TCP is connected with video and audio but without Content. The SIP BFCP TCP channel will not be connected.

•

The following resolutions are supported with H.264 HD Content protocol. Only when H.264 HD is selected, these resolutions are enabled for selection:

•

54

— HD 720p5 — HD 720p30 — HD 1080p15 Endpoints that do not support receiving H.264 Content at a resolution of HD 720p5 or greater are considered Legacy Endpoints and will receive Content using the people video channel.

•

Endpoints that do not support transmitting H.264 Content at a resolution of HD 720p5 or greater are considered Legacy Endpoints and will transmit Content using the people video channel. Depending on the endpoint type, these endpoints may not be able to transmit Content at all - this is dependent on the endpoint and is not controlled by the RMX.

•

A mixture of older, non AS-SIP compliant and AS-SIP compliant endpoints are supported in the same conference and are able to share Content.

•

An endpoint connecting during a Content session is immediately sent an SDP Re-invite that includes the connect media line and will receive Content.

•

An endpoint connecting after Content started and was stopped will receive the SDP Re-invite and the content media line only after a new Content request is sent.

•

Once Content has been initiated by one of the endpoints, the Content channel will be opened to all endpoints and remain open even if the Content sharing endpoint stops sharing Content.

Polycom, Inc.

Version 8.1.4.J Detailed Description - New Security Features

Enabling AS-SIP Content AS-SIP Content is enabled in the New Profile / Profile Properties - Video Quality tab.

When the AS-SIP Content check box is selected the following are automatically enabled and cannot be disabled: •

Send Content to Legacy Endpoints

•

Multiple Resolutions

System Flag The time that the RMX waits for endpoints to respond to its SDP Re-invite is determined by a timer. The timer duration, in seconds, is controlled by the AS_SIP_CONTENT_TIMER System Flag. Its default value is 10 seconds. To modify the timer value, manually add this flag to system.cfg and modifying its value as required: Range: 1 - 60 seconds. (Values outside this range are rejected and an error message is displayed.)

Polycom, Inc.

55

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

DNS per IP Network Service In both Standard Security and Ultra Secure Modes: •

A DNS can be configured for the Management Network Service that is defined and the IP Network Service.

•

If a Multiple Services Licence is installed, a DNS can be configured for each additional IP Network Service that is defined.

To configure a DNS per IP Network Service: 1 In the New IP Network Service / IP Network Service Properties dialog box, click the DNS tab.

2

In the DNS field select Specify.

3

In the DNS Server Address field, enter the IP address of the DNS Server for the IP Network Service.

4

Continue configuring the IP Network Service or click OK to save your changes.

Guidelines

56

•

If the DNS field in the IP Network Service is set to Specify and the DNS is not configured or disabled, the DNS configured for the Management Network will be used.

•

When upgrading from a version that does not support a DNS per IP Network Service, the DNS configured for the Management Network will be used.

Polycom, Inc.

Version 8.1.4.J Detailed Description - New Security Features

Internet Control Message Protocol (ICMP) ICMP (Internet Control Message Protocol) is used to send messages between networked entities. It is typically used to send and receive information concerning: •

Communications errors in network applications

•

Remote host reachability and availability

•

Network congestion (latency)

•

Traffic redirection

Malicious devices can however use these capabilities in order to divert, intercept, detect, network traffic. The following System Flags have been added to enable the administrator to control ICMP Redirect and Destination Unreachable messages: •

ENABLE_ACCEPTING_ICMP_REDIRECT

•

ENABLE_SENDING_ICMP_DESTINATION_UNREACHABLE

By setting the value of these flags to NO the risk of malicious behavior can be mitigated. For a full description of ICMP see RFC 792.

Guidelines •

Both flags apply to all MCU platforms: RealPresence Collaboration Server (RMX) 1500/ 2000/4000/RealPresence Collaboration Server (RMX) 1800/RealPresence Collaboration Server 800s).

•

Both flags apply to all Ethernet connections: Management, Signaling, Media, Modem, etc.

System Flag: ENABLE_ACCEPTING_ICMP_REDIRECT This System Flag enables the administrator to control whether the RMX accepts or rejects ICMP Redirect Messages (ICMP message type #5), typically used to instruct routers to redirect network traffic through alternate network elements. •

Range: YES / NO

•

Default: — Ultra Secure Mode: NO - Redirect messages or ignored. — Default Security Mode: YES - Redirect messages are accepted.

Polycom, Inc.

57

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

System Flag: ENABLE_SENDING_ICMP_DESTINATION_UNREACHABLE This System Flag enables the administrator to control whether the RMX sends ICMP Destination Unreachable Messages (ICMP message type #3). Destination Unreachable Messages are sent when the RMX receives a UDP packet on a port configured for TCP, or receives a UDP packet on a port configured for TCP, or when, in real time, a packet is not processed in the prescribed time interval. For detailed timestamp information see RFC 792. The Destination Unreachable Message may also be sent when Network or Host is unreachable (sent by the router) or the Port is unreachable (sent by the RMX). •

Range: YES / NO

•

Default: — Ultra Secure Mode: NO - Destination Unreachable Message is never sent. — Default Security Mode: YES - Destination Unreachable Message is sent when needed.

Modifying the flag values To modify the System Flags values, the flags must first be manually added to system.cfg. For more information about System Flags, see “Manually Adding and Deleting System Flags” in the Administrator’s Guide.

58

Polycom, Inc.

Version 8.1.4.J - Changes to Existing Security Features

Version 8.1.4.J - Changes to Existing Security Features Password Encryption - Migration from SHA-1 to SHA-256 In compliance with UC APL, FIPS 140-2 the SHA-256 (Secure Hash Algorithm) becomes mandatory for: •

Application login passwords.

•

Linux operating system passwords.

•

CSRs (Certificate Signing Requests).

The output value for SHA-256 is 256 bits whereas for SHA-1 the output value is 160 bits. For backward compatibility with previous versions, either SHA-1 or SHA-256 can be selected as the hash algorithm used in the creation of CSRs.

Polycom, Inc.

59

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Upgrade / Downgrade Guidelines The RMX configuration, including users and passwords, should be backed up before upgrading or downgrading. Table 2-10 summarizes the system behavior with regard to passwords and certificates when upgrading to or downgrading from this version. Table 2-10 Version Change - Password and Certificate Compatibility Version Change Upgrade from old version to new version

Behavior Passwords

Certificates

On user login: All new-user passwords are hashed and saved using SHA-256.

The new version accepts certificates issued with SHA-1 hashing.

• •

Existing user passwords remain saved using the SHA-1 signature, however:

•

On first login after the upgrade the SHA-1 hashed password is automatically replaced with SHA-256 hashed password. Note: After an upgrade to version 8.1.4.J there will be still passwords saved with the SHA-1 signature. In order not to rely on automatic password signature conversion and replacement, and to ensure that the system only has SHA-256 hashed passwords saved, the administrator should: Either: • Ensure that all the users login to the system at least once to ensure automatic replacement of SHA-1 hashed passwords with SHA-256 hashed passwords. Or: • Delete and recreate all users.

60

Polycom, Inc.

Version 8.1.4.J - Changes to Existing Security Features

Table 2-10 Version Change - Password and Certificate Compatibility (Continued) Version Change Downgrade from new version to old version

Behavior Passwords

Certificates

Before the downgrade procedure begins, the administrator receives a popup warning message “Passwords will change to factory default would you like to proceed?” All users and SHA-256 hashed passwords are deleted. The administrator’s User Name and Password reverts to the Factory Default: POLYCOM / POLYCOM.

The old version accepts certificates issued with SHA-1 hashing. For certificates issued with SHA-256 hashing: • The administrator receives a popup warning message "TLS certificate will be deleted and the system will switch to non-secured connection, would you like to proceed?”

•

For each certificate that is hashed with SHA-256:

•

RMX Web Client / RMX Manager connections to the RMX are switched to non-secured mode.

•

LDAP services are changed from 636 to port 389.

•

SIP TLS sessions are changed to SIP UDP.

•

The certificate is deleted.

Non-hashed Passwords All non-hashed passwords are stored encrypted as set out in Table 2-11. Table 2-11 Non-hashed Passwords - Encryption

Polycom, Inc.

Previous Versions

From Version 8.1

Community permissions which are not the PW to connect to SNMP are not Saved Encrypted

Non encrypted

AES 256

Exchange

Non encrypted – Feature disabled in Ultra Secure Mode

Non encrypted

AES 256

RV v.35 serial ports – password for login

Reversible – AES_128 with 256 Bytes Key (2048 Bits)

AES 256

AES 256

H.323 authentication – password

Reversible – AES_128 with 256 Bytes Key (2048 Bits)

AES 256

AES 256

SIP digest – password

Reversible – AES_128 with 256 Bytes Key (2048 Bits)

AES 256

AES 256

Connection

Storage type

SNMPv3 Two passwords: Authentication / Privacy

61

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

PKI Online Certificate Status Protocol OCSP In compliance with UC APL requirements, the PKI feature set has been enhanced and expanded. Beginning with this version: •

A single Certificate Repository is maintained for:

•

— The Management Network Service. — SIP TLS Personal Certificates for each defined IP Network Service. — Trusted (CA) certificate for all TLS connections. — CRL for all TLS connections. SIP TLS certificates are validated against the CA.

•

SIP TLS certificates are managed using CRL and Online Certificate Status Protocol (OCSP). — Certificate revocation mode, whether by OCSP or CRL is managed using the i setting of the Management Network. — SIP TLS is managed using the General TLS setting.

62

Polycom, Inc.

Version 8.1.4.J - Changes to Existing Security Features

Changes to the RMX Web Client and RMX Manager Certificate creation and management is enhanced by the following changes to the RMX Web Client and RMX Manager. Added: Certification Repository management dialog box, containing a Create Certificate Request and Send Certificate dialog box. Removed: Create / Send Certificate options in the RMX Setup menu.

Modified: Certification Repository menu option, opens Certification Repository containing Create / Send Certificate options.

Added: Hash Method and SAN fields to Create Certificate Request dialog box. Removed: From IP and Management Network Services - SIP Servers tab: TLS Certificate Method; Create Certificate; Send Certificate

Polycom, Inc.

Added: To IP and Management Network Services: TLS Certificate Validation and Revocation options

63

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Adding Certificates to the Certificate Repository Personal Certificates To add a Personal Certificate to the Certificate Repository: 1 In the Certification Repository - Personal Certificates tab select the Network Service. 2

Click the Add button. The Add dialog box is displayed with the configured parameters of the selected Network Service filled in.

3

Select the Certificate Method. (Default is CSR)

4

— Only CSR can be selected for the Default Management Network Service. — CSR or PFX/PEM can be selected for IP Network Services. Optional. If CSR was selected as the Certificate Method: a

Click Create Certificate Request. The Create Certificate Request dialog box is displayed with the Common Name field filled in.

b

Complete the Certificate Request fields. The two additional fields are defined as: •

64

Subject Alternative Name (SAN) - This field is required when using EAP-TLS in conjunction with a Network Policy Server (MS-NPS). It allows the optional inclusion of: - Principle Name - DNS Name: Long – FQDN Short - Host only - IP Address (IPv4 and IPv6) When the Subject Alternative Name (SAN) check box is selected the input box becomes active, allowing the user to modify the example values provided, to match local certificate requirements and delete those that are not applicable.

Polycom, Inc.

Version 8.1.4.J - Changes to Existing Security Features

The user can add up to 20 different SANs. If an incorrect SAN type is entered, an error message, Unsupported SAN type, is displayed when the Send Details button is clicked. •

The SAN field, DNS Name (FQDN) is not used for Machine Account validation. For example, when using a DMA, the DMA will not validate the RMX unless the FQDN field in the User Properties (New User) dialog box is correctly filled in.

•

The SAN field should not be used when configuring the RMX for use in MS Lync Environments.

•

5

Hash Method - Select the output value for the Secure Hash Algorithm: - SHA-256 the output value is 256 bits. - SHA-1 the output value is 160 bits. For backward compatibility, with previous versions, either SHA-1 or SHA-256 can be selected as the hash algorithm used in the creation of CSRs (Certificate Signing Requests). Click Send Certificate.

For all certificates, both Management and SIP TLS: •

Once the certificate is sent a message is displayed indicating successful installation of the certificate and the new certificate replaces the old certificate.

•

If the certificate installation fails the old certificate continues to function and a message is displayed indicating one of the following the reasons for the failure: — — — — —

Invalid password. Certificate expired. Certificate DNS name does not match RMX (service) DNS name. Chain is not trusted General - .

Certificate Validation Option Validation of peer SIP TLS certificates against one or several installed CA certificates can be enabled or disabled for the Default Management and each defined IP Service by selecting or clearing the Skip certificate validation check box.

Polycom, Inc.

65

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

The check box is checked by default to Skip certificate validation for user logging session and no validation of expiration, CA signature or CRL/OCSP checking is performed.

Clearing the check box enables full validation requires that there be at least one CA certificate in the certificate repository, failing which a message At least one CA certificate should be installed is displayed. If the Secured Communication option is unchecked in the Management Network - Security tab all Certificate Validation and Revocation fields are disabled.

66

Polycom, Inc.

Version 8.1.4.J - Changes to Existing Security Features

Certificate Revocation Certificate Revocation of IP Network and peer SIP TLS certificates for each defined IP Service can be enabled, disabled and configured:

Revocation Method One of three Certificate Revocation Methods can be selected: •

NONE (Default) - Certificate Revocation is not implemented.

•

CRL - Requires at least one CRL file be installed, failing which an error message, At least one CRL should be installed, is displayed.

•

OCSP - When selected, additional configuration options are displayed. — Global Responder URL • The format of the URL is validated and must be of the format: http(s)://responder.example.com/ocsp

• The URL can be either http or https. • If the Global Responder URL does not respond an Active Alarm is raised. — Use Responder Specified in Certificate • The default for this check box is unchecked. • If the check box is checked Responder URL is taken from the certificate. If the certificate does not contain a Responder URL, the Global Responder URL is used. • If the check box is unchecked the Global Responder URL is used. If the Global Responder URL is incorrectly configured a message, Global responder URL must be configured, is displayed. — Allow Incomplete Revocation Checks If OCSP is selected: •

•

Polycom, Inc.

If the check box is checked and the Global Responder or the Responder Specified in the Certificate does not respond for any reason the certificate is not considered revoked. If the check box is unchecked and the Global Responder or the Responder Specified in the Certificate does not respond for any reason the certificate is considered revoked.

67

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

If CRL is selected: •

•

If the check box is checked and the CRL of the specific CA is not loaded, all Certificates are the CA are not considered revoked. • If the check box is unchecked and the CRL of the specific CA is not loaded, all Certificates are the CA are considered revoked. — Skip Certificate Validation for OSCP Responder • No Certificate Validation is performed. System Flag: Should intermittent login problems occur when logging in to the RMX’s Management Network, the OCSP_RESPONDER_TIMEOUT System Flag can be manually added to system.cfg and its value set to the number of seconds the RMX is to wait for an OCSP response from the OCSP Responder before failing the connection. Default: 3 (seconds) Range: 1-20 (seconds)

PKI Self-signed Certificate In compliance with UC APL requirements, PKI Self-signed Certificates are supported for the both the Default Management and IP Network Services. A mixture of Self-signed and CA-signed Certificates is supported, however a CA-signed certificate will always override a Self-signed Certificate.

Self-signed Certificate Creation Self-signed Certificates are created during: •

Initial system start-up before any CA-signed Certificates have been installed.

•

IP Network Services creation.

•

Network Services updates that result in Host Name changes.

•

Daily validity checks of Self-signed Certificates.

•

Backup and Restore of the system configuration

Self-signed Certificate field values are automatically inserted when the certificate is created: Table 2-12 Self-signed Certificate - Creation

68

Field

Value

Signature Algorithm

SHA1

Issuer / Issued To

Service Host Name Both the Issuer and Issued To fields have the same values. CN = host name of the service name DC = Polycom OU = Self Signed Certificate O = Polycom RMX Note: The value of CN is derived from the IP Network Service Name, while the values of DC, OU and O are hard coded. For a full description of these fields see RFC 5280.

Polycom, Inc.

Version 8.1.4.J - Changes to Existing Security Features

Table 2-12 Self-signed Certificate - Creation (Continued) Field

Value

Valid from

Date of creation

Valid to

Date of creation + 10 years

Subject (Common Name)

Service Host Name

Public Key

2048 bits

Self-signed Certificates are indicated in the Certification Repository - Issued By field.

Media Encryption and Authentication In compliance with UC_APL_SEC_0013, the RMX supports an additional Privacy Protocol AES_CM_128_HMAC_SHA1_32, in addition to AES_CM_128_HMAC_SHA1_80.

System Flag The Privacy Protocol selection is controlled by the SRTP_SRTCP_HMAC_SHA_LENGH System Flag. To modify its setting, manually add it to system.cfg and set its value as summarized in Table 2-13. Range: 80, 32, 80_32 Default: 80 Table 2-13 Privacy Protocols - Flag Settings

Polycom, Inc.

Authentication Tag Length

SRTP_SRTCP_HMAC_SHA _LENGH Flag Value

Negotiation Protocol SDP

80

AES_CM_128_HMAC_SHA1_80

80

80

32

AES_CM_128_HMAC_SHA1_32

32

80

RTP

RTCP

69

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Table 2-13 Privacy Protocols - Flag Settings SRTP_SRTCP_HMAC_SHA _LENGH Flag Value

Negotiation Protocol SDP

80_32

First: AES_CM_128_HMAC_SHA1_32 Second: AES_CM_128_HMAC_SHA1_80

Authentication Tag Length RTP 32 or 80 (Depending on negotiation result)

RTCP

80

SIP TCP Keep-Alive In compliance with UC APL requirements, the NAT Keep Alive method has been enhanced according to IETF RFC 5626 and RFC 6223. For a full description of Keep Alive see IETF RFC 5626 and IETF RFC 6223. Keep Alive behavior is defined for each IP Network Service and can be modified by adding the following System Flags and modifying their values according to Table 2-14.

70

Polycom, Inc.

Version 8.1.4.J - Changes to Existing Security Features

For more information seethe RealPresence Collaboration Server (RMX) 1500/2000/4000 Administrator’s Guide "IP Network Service Definition” on page 1-66. Table 2-14 System Flags - SIP_TCP_KEEPALIVE_TYPE / BEHAVIOR Flag

Possible Flag Values

SIP_TCP_KEEPALIVE_TYPE

NONE • No Keep Alive messages are sent. MS (Default when Microsoft SIP Server Type is selected for the Network Service). • Keep Alive messages are sent only after successful registration.

•

A Pong response is not expected.

RFC5626 In the SIP Header, the Flow-Timer Header Field is mandatory.

• •

Keep Alive messages are sent only after successful registration. A Pong response is expected and if none is received, the value of the SIP_TCP_KEEP_ALIVE _BEHAVIOR System Flag is checked. If its value is: DO_NOT_RE_REGISTRATION_WHEN_NO_PONG_RESP ONSE:

•

For a Register Dialog,a Reregister Message is sent. There is no disconnection.

•

For a Call Dialog, no further messages are sent. There is no disconnection. If its value is: RE_REGISTRATION_WHEN_NO_PONG_RESPONSE:

•

Both Register and Call Dialogs are disconnected.

RFC6223 • Behavior is the same as for RFC5626 with the following differences:

• •

In the SIP Header, the Via Header “keep” is mandatory. In the SIP Header, the Flow-Timer Header Field is optional.

PLCM (Default when Generic SIP Server Type is selected for the Network Service). • For Call and successful Register Dialogues:

• •

Polycom, Inc.

Two CR LF character sequences are sent No PONG response is expected

71

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Table 2-14 System Flags - SIP_TCP_KEEPALIVE_TYPE / BEHAVIOR (Continued) Flag

Possible Flag Values

SIP_TCP_KEEP_ALIVE_BEHA VIOR

If the value of the System Flag, SIP_TCP_KEEPALIVE_TYPE = RFC5626 or RFC6223 and no Pong is received, the value of this System Flag is checked. Possible Values: • RE_REGISTRATION_WHEN_NO_PONG_RESPONSE

•

DO_NOT_RE_REGISTRATION_WHEN_NO_PONG_RESPO NSE (Default) For a full description see the description for the SIP_TCP _KEEPALIVE_TYPE flag (above).

Keep Alive Frequency The Keep Alive frequency is set by the SIP Server using the Via Header keep and Flow Timer fields of the SIP Header. If the RMX is functioning as the server, the Keep Alive frequency is set according to the hard coded values listed in Table 2-15. Table 2-15 Keep Alive - Frequency Field SIP_TCP_KEEPALIVE_DISABLE SIP_TCP_KEEPALIVE_MS

Seconds None 300

SIP_TCP_KEEPALIVE_5626 SIP_TCP_KEEPALIVE_6223

60

SIP_TCP_KEEPALIVE_PLCM

SNMP SNMP enables managing and monitoring of the MCU status by external managing systems, such as HP OpenView or through web applications.

Guidelines •

IPv4 and IPv6 are supported.

•

The implementation of SNMPv3 is FIPS 140 compliant.

•

In Ultra Secure Mode: — Version 3 is the default for both SNMP Agent Version and SNMP Trap Version. — The default Authentication Protocol is SHA — The default Privacy Protocol is AES.

72

Polycom, Inc.

Version 8.1.4.J - Changes to Existing Security Features

MIBs (Management Information Base) MIBs are a collection of definitions, which define the properties of the managed object within the device to be managed. Every managed device keeps a database of values for each of the definitions written in the MIB. The SNMP systems poll the MCU according to the MIB definitions.

MIB Files The H.341 standard defines the MIBs that H.320 and H.323 MCUs must comply with. In addition, other MIBs should also be supported, such as MIB-II and the ENTITY MIB, which are common to all network entities. The MIBs are contained in files in the SNMP MIBS sub-directory of the RMX root directory. The files should be loaded to the SNMP external system and compiled within that application. Only then can the SNMP external application perform the required monitoring tasks. The MULTI-MEDIA_MIB_TC must be compiled before compiling the other MIBs.

Private MIBs •

RMX-MIB (RMX-MIB.MIB) — Contains the statuses of the RMX: Startup, Normal and Major. — Contains all the Alarms of the RMX that are sent to the SNMP Manager.

Support for MIB-II Sections The following table details the MIB-II sections that are supported: Section

Object Identifier

system

mib-2 1

interfaces

mib-2 2

ip

mib-2 4

The Alarm-MIB This MIB is used to send alarms. When a trap is sent, the Alarm-MIB is used to send it. The following alarms are supported:

Polycom, Inc.

Alarm

Description

Power Cycle - Cold Restart

The sending Agent is re initializing itself, usually because of a reboot.

Software - Warm Restart

The sending Agent is re initializing itself, usually because of a normal restart.

Link Disconnect -Link Down

One of the communication links on the Agent Node has failed. The first element in the variable bindings contains the name and value of the ifIndex instance for the interface that is down

73

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Alarm

Description

Link Reconnect - Link Up

One of the communication links on the Agent Node has become active. The first element in the variable bindings is the name and value of the ifIndex instance for the affected interface

H.341-MIB (H.341 – H.323) •

Gives the address of the gatekeeper.

•

Supports H.341-MIB of SNMP events of H.323.

Standard MIBs This section describes the MIBs that are included with the RMX. These MIBs define the various parameters that can be monitored, and their acceptable values.

74

MIB Name

Description

MULTI-MEDIA-MIB-TC (MULTIMTC.MIB)

Defines a set of textual conventions used within the set of Multi Media MIB modules.

H.320ENTITY-MIB (H320-ENT.MIB)

This is a collection of common objects, which can be used in an H.320 terminal, an H.320 MCU and an H.320/H.323 gateway. These objects are arranged in three groups: Capability, Call Status, and H.221 Statistics.

H.320MCU-MIB (H320-MCU.MIB)

Used to identify managed objects for an H.320 MCU. It consists of four groups: System, Conference, Terminal, and Controls. The Conference group consists of the active conferences. The Terminal group is used to describe terminals in active MCU conferences. The Controls group enables remote management of the MCU.

H323MC-MIB (H323-MC.MIB)

Used to identify objects defined for an H.323 Multipoint Controller. It consists of six groups: System, Configuration, Conference, Statistics, Controls and Notifications. The Conference group is used to identify the active conferences in the MCU. The Notifications group allows an MCU, if enabled, to inform a remote management client of its operational status. Note: The RMX supports only one field in H.341-H323MC MIB. The RMX reports the Gatekeeper address using H.341-H323MC MIB – 323McConfigGatekeeperAddress (0.0.8.341.1.1.4.2.1.1.4) in response to a query from a manager.

MP-MIB (H323-MP.MIB)

Used to identify objects defined for an H.323 Multipoint Processor, and consists of two groups: Configuration and Conference. The Configuration group is used to identify audio/video mix configuration counts. The Conference group describes the audio and video multi-processing operation.

MIB-II/RFC1213-MIB (RFC1213.MIB)

Holds basic network information and statistics about the following protocols: TCP, UDP, IP, ICMP and SNMP. In addition, it holds a table of interfaces that the Agent has. MIB-II also contains basic identification information for the system, such as, Product Name, Description, Location and Contact Person.

Polycom, Inc.

Version 8.1.4.J - Changes to Existing Security Features

MIB Name

Description

ENTITY-MIB (ENTITY.MIB)

Describes the unit physically: Number of slots, type of board in each slot, and number of ports in each slot.

IP MIB (RFC 4293)

IP MIB supports both IPv4 & IPv6 entities. For a full description of the IP MIB see IETF RFC 4293.

Unified MIB Note: This information is subject to change. The information below is not final. The RMX uses the Polycom Unified MIB, in addition to the RMX specific MIB. The Polycom Unified MIB is an MIB that is used by many Polycom products. The following table describes the information provided by the RMX in the Unified MIB.

Polycom, Inc.

Name

Type

Description

Debug

Boolean

Indicates whether the unit is in a debugging state.

IncomingCallsReqrGK

Boolean

Indicates whether a gatekeeper is required to receive incoming H.323 calls.

OutgoingCallsReqrGK

Boolean

Indicates whether a gatekeeper is required to make outgoing H.323 calls.

HDBitrateThrshld

Integer

The minimum bit rate required by endpoints in order to connect to an HD conference.

MaxCPRstln

Integer

Maximum resolution of a CP conference.

MaxCPRstlnCfg

Integer

Configured resolution for a CP conference.

EndpointDispayName

String

The name of the MCU that is displayed on the screen of endpoints that are connecting to the conference.

PALNTSC

NTSC/PAL/ AUTO

The video encoding of the RMX.

SeparateMgmtNet

Boolean

Indicates whether management network separation is enabled.

NumPorts

Integer

Total number of ports.

NumVideoPorts

Integer

Number of ports configured for video.

ServiceH323

Integer

Indicates the status of H.323 capabilities: 1 - The service is enabled and operational. 2 - The service is enabled but is not operational. 3 - The service is disabled.

ServiceSIP

Integer

Indicates the status of SIP capabilities: 1 - The service is enabled and operational. 2 - The service is enabled but is not operational. 3 - The service is disabled.

75

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Name

Type

Description

ServiceISDN

Integer

Indicates the status of SIP capabilities: 1 - The service is enabled and operational. 2 - The service is enabled but is not operational. 3 - The service is disabled.

RsrcAllocMode

Fixed/ Flexible

The resource allocation method which determines how the system resources are allocated to the connecting endpoints.

McuSystemStatus

Integer

System State.

FanStatus

Boolean

Status of the hardware fan.

PowerSupplyStatus

Boolean

Status of the power supply.

IntegratedBoardsStatus

Boolean

Status of the integrated boards.

UltraSecureMode

Boolean

Indicates whether the RMX is operating in Ultra Secure Mode.

ChassisTemp

Integer

The temperature of the chasis.

NumPortsUsed

Integer

Number of ports currently in use.

NewCallsPerMinute

Integer

New calls in the last minute.

ScsfNewCallsPerMinute

Integer

Successful new calls in the last minute.

FldNewCallsPerMinute

Integer

Failed new calls in the last minute.

PctScsflNewCalls

Integer

Percentage of new calls in the last minute which were successful.

CallsEndedScsflPerMin

Integer

Number of calls in the last minute which ended with a success code.

CallsEndedFailedPerMin

Integer

Number of calls in the last minute which ended with a failure code.

CallsEndedScsfl

Integer

Number of calls in the last minute which ended with a success code.

CallsEndedFailed

Integer

Number of calls in the last minute which ended with a failure code.

NumActvCnfrncs

Integer

Number of active conferences.

Traps The MCU is able to send Traps to different managers. Traps are messages that are sent by the MCU to the SNMP Manager when an event such as MCU Reset occurs.

Guidelines

76

•

Version 1, Version 2 and Version 3 traps are supported.

•

When SNMPv3 is selected only SNMPv3 Queries and Traps receive responses.

Polycom, Inc.

Version 8.1.4.J - Changes to Existing Security Features

•

A mixture of Version 1, Version 2 and Version 3 traps is not permitted.

Three types of traps are sent as follows: 1

ColdStart trap. This is a standard trap which is sent when the MCU is reset. coldStart notification received from: 172.22.189.154 at 5/20/ 2007 7:03:12 PM Time stamp: 0 days 00h:00m:00s.00th Agent address: 172.22.189.154 Port: 32774 Transport: IP/UDP Protocol: SNMPv2c Notification Manager address: 172.22.172.34 Port: 162 Transport: IP/UDP Community: public Enterprise: enterprises.8072.3.2.10 Bindings (3) Binding #1: sysUpTime.0 *** (timeticks) 0 days 00h:00m:00s.00th Binding #2: snmpTrapOID.0 *** (oid) coldStart

Figure 1

2

An Example of a ColdStart Trap

Authentication failure trap. This is a standard trap which is sent when an unauthorized community tries to enter. authentication Failure notification received from: 172.22.189.154 at 5/20/2007 7:33:38 PM Time stamp: 0 days 00h:30m:27s.64th Agent address: 172.22.189.154 Port: 32777 Transport: IP/UDP Protocol: SNMPv2c Notification Manager address: 172.22.172.34 Port: 162 Transport: IP/UDP Community: public Enterprise: enterprises.8072.3.2.10 Bindings (3) Binding #1: sysUpTime.0 *** (timeticks) 0 days 00h:30m:27s.64th Binding #2: snmpTrapOID.0 *** (oid) authenticationFailure

Figure 2

Polycom, Inc.

An Example of an Authentication Failure Trap

77

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

3

Alarm Fault trap. The third trap type is a family of traps defined in the POLYCOM-RMX-MIB file, these traps are associated with the RMX active alarm and clearance (proprietary SNMP trap). rmxFailedConfigUserListInLinuxAlarmFault notification received from: 172.22.189.154 at 5/20/2007 7:04:22 PM Time stamp: 0 days 00h:01m:11s.71th Agent address: 172.22.189.154 Port: 32777 Transport: IP/UDP Protocol: SNMPv2c Notification Manager address: 172.22.172.34 Port: 162 Transport: IP/UDP Community: public Bindings (6) Binding #1: sysUpTime.0 *** (timeticks) 0 days 00h:01m:11s.71th Binding #2: snmpTrapOID.0 *** (oid) rmxFailedConfigUserListInLinuxAlarmFault Binding #3: rmxAlarmDescription *** (octets) Insufficient resources Binding #4: rmxActiveAlarmDateAndTime *** (octets) 2007-6-19,16:7:15.0,0:0 Binding #5: rmxActiveAlarmIndex *** (gauge32) 2 Binding #6: rmxActiveAlarmListName *** (octets) Active Alarm Table * Binding #7: rmxActiveAlarmRmxStatus *** (rmxStatus) major

Figure 3

An Example of an Alarm Fault Trap

Each trap is sent with a time stamp, the agent address, and the manager address.

Status Trap The MCU sends status traps for the status MAJOR - a trap is sent when the card/MCU status is MAJOR. All traps are considered “MAJOR”.

Defining the SNMP Parameters in the RMX The SNMP option is enabled and configured using the RMX Web Client application. The addresses of the Managers monitoring the MCU and other security information are defined in the RMX Web Client application and are saved on the MCU’s hard disk. Only users defined as Administrator can define or modify the SNMP security parameters in the RMX Web Client application.

78

Polycom, Inc.

Version 8.1.4.J - Changes to Existing Security Features

To enable SNMP option: 1 In the RMX Web Client menu bar, click Setup > SNMP. The RMX-SNMP Properties - Agent dialog box is displayed.

This dialog box is used to define the basic information for this MCU that will be used by the SNMP system to identify it. 2

In the Agent dialog box, click the SNMP Enabled check box.

3

Click the Retrieve MIB Files button to obtain a file that lists the MIBs that define the properties of the object being managed. The Retrieve MIB Files dialog box is displayed.

Polycom, Inc.

4

Click the Browse button and navigate to the desired directory to save the MIB files.

5

Click OK. The path of the selected directory is displayed in the Retrieve MIB Files dialog box.

6

Click the Save button. The MIB files are saved to the selected directory.

7

Click Close to exit the Retrieve MIB Files dialog box.

79

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

8

In the Agent dialog box, define the parameters that allow the SNMP Management System and its user to easily identify the MCU. Table 2-16 RMX-SNMP Properties - Agent Options

9

Field

Description

Version

Contact person for this MCU

Type the name of the person to be contacted in the event of problems with the MCU.

MCU Location

Type the location of the MCU (address or any description).

MCU System Name

Type the MCU’s system name.

SNMP Agent Version

Select Version 1 / 2 / 3 from the drop-down menu.

Engine ID

This field can be left empty, allowing the RMX to automatically generate an Engine ID both Queries and Traps. Optionally, the administrator can enter an Engine ID comprised of up to 27 ASCII characters.

1, 2, 3

3

Click the Traps tab. The SNMP Properties – Traps dialog box opens.

Version 3

Versions 1 & 2

80

Polycom, Inc.

Version 8.1.4.J - Changes to Existing Security Features

Traps are messages sent by the MCU to the SNMP Managers when events such as MCU Startup or Shutdown occur. Traps may be sent to several SNMP Managers whose IP addresses are specified in the Trap Destinations box. 10 Select the SNMP Trap Version. The version of the traps being sent to the IP Host. The standard SNMP Version 1, 2 and 3 traps, are taken from IETF RFC 1215. The SNMP Trap Version parameters must be defined identically in the external SNMP application. 11 Click the Add button to add a new Manager terminal. Depending on the SNMP Trap Version selected, one of the two following New Trap Destination dialog boxes opens. Trap Version 1 ,2 Trap Version 3

12 Define the following parameters: Table 2-17 SNMPv3 - Traps

Polycom, Inc.

Field

Description

IP Address

Enter the IP address of the SNMP trap recipient.

Enable Trap Inform

An Inform is a Trap that requires receipt confirmation from the entity receiving the Trap. If the Engine ID field (Version 3) is empty when Enable Trap Inform has been selected, the Engine ID is set by the Client.

Community Name

Enter the Community Name of the manager terminal used to monitor the MCU activity

Version

1,2,3

1, 2

81

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Table 2-17 SNMPv3 - Traps (Continued) Field

Description

User Name

Enter the name of the user who is to have access to the trap.

Engine ID

Enter an Engine ID to be used for the Trap. This field is enabled when the Enable Trap Inform check box is selected. If the Enable Trap Inform check box is cleared the Engine ID of the Agent is used. The Engine ID is comprised of up to 64 Hexadecimal characters. Default: Empty

Security Level

Select a Security Level from the drop-down menu. Range: No Auth, No Priv; Auth, No Priv; Auth, Priv Default: Auth, Priv

Authentication Protocol

Enter the authentication protocol: MD5 or SHA. The availability of the MD5 Authentication Protocol as a selectable option is controlled by adding the SNMP_FIPS_MODE System Flag to system.cfg and setting its value. A value of YES means that MD5 will neither be displayed as selectable option nor supported. Range: YES/NO. Default: NO.

Version

3

Authentication Password Privacy Protocol

Enter the privacy protocol: DES or AES. The availability of the DES Privacy Protocol as a selectable option is controlled by adding the SNMP_FIPS_MODE System Flag to system.cfg and setting its value. A value of YES means that DES will neither be displayed as a selectable option nor supported. Range: YES/NO. Default: NO.

Privacy Password

13 Type the IP Address and the Community name of the manager terminal used to monitor the MCU activity, and then click OK. The Community name is a string of characters that will be added to the message that is sent to the external Manager terminals. This string is used to identify the message source by the external Manager terminal. The new IP Address and Community name is added to the Trap Destinations box. a

To delete the IP Address of a Manager terminal, select the address that you wish to delete, and then click the Remove button. The IP address in the Trap Destinations box is removed.

14 Click the Security tab.

82

Polycom, Inc.

Version 8.1.4.J - Changes to Existing Security Features

The RMX-SNMP Properties – Security dialog box opens.

Version 3

Versions 1 & 2

This dialog box is used to define whether the query sent to the MCU is sent from an authorized source. When the “Accept SNMP packets from all Hosts” is disabled, a valid query must contain the appropriate community string and must be sent from one of the Manager terminals whose IP address is listed in this dialog box. 15 Define the following parameters: Table 2-18 SNMP - Security

Polycom, Inc.

Field

Description

Send Authentication Trap

Select this check box to send a message to the SNMP Manager when an unauthorized query is sent to the MCU. When cleared, no indication will be sent to the SNMP Manager.

Versions 1, 2, 3

83

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Table 2-18 SNMP - Security (Continued) Field

Description

Accept Host Community Name

Enter the string added to queries that are sent from the SNMP Manager to indicate that they were sent from an authorized source. Note: Queries sent with different strings will be regarded as a violation of security, and, if the Send Authentication Trap check box is selected, an appropriate message will be sent to the SNMP Manager.

Accept SNMP Packets from all Host

Select this option if a query sent from any Manager terminal is valid. When selected, the Accept SNMP Packets from These Hosts option is disabled.

Accept SNMP Packets from the following Hosts

Lists specific Manager terminals whose queries will be considered as valid. This option is enabled when the Accept SNMP Packets from any Host option is cleared.

User Name

Enter a User Name of up to 48 characters Default: Empty

Security Level

Select a Security Level from the drop-down menu. Range: No Auth, No Priv; Auth, No Priv; Auth, Priv Default: Auth, Priv

Authentication Protocol

Select the authentication protocol Range: MD5, SHA Default: MD5

Authentication Password

Enter an Authentication Password. Range: 8 - 48 characters Default: Empty

Privacy Protocol

Select a Privacy Protocol. Range: DES, AES Default: DES

Privacy Password

Enter a Privacy Password. Range: 8 - 48 characters Default: Empty

These fields are enabled if Authentication is selected in the Security Level field.

Versions 1, 2

Version 3

These fields are enabled if Privacy is selected in the Security Level field.

16 To specifically define one or more valid terminals, ensure that the Accept SNMP Packets from any Host option is cleared and then click the Add button. The Accepted Host IP Address dialog box opens.

84

Polycom, Inc.

Version 8.1.4.J - Changes to Existing Security Features

17 Enter the IP Address of the Manager terminal from which valid queries may be sent to the MCU, and then click OK. Click the Add button to define additional IP Addresses. The IP Address or Addresses are displayed in the Accept SNMP Packets from These Hosts box. Queries sent from terminals not listed in the Accept SNMP Packets from These Hosts box are regarded as a violation of the MCU security, and if the Send Authentication Trap check box is selected, an appropriate message will be sent to all the terminals listed in the SNMP Properties – Traps dialog box.

18

Polycom, Inc.

In the RMX - SNMP Properties - Security dialog box, click OK.

85

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Version 8.1.4.J Detailed Description New Features New Video Resolution 1080p60 This version adds the option of HD1080p resolution at 60 fps for improved resolution of motion video. In previous versions the highest resolution at 60 fps was HD720p.

Guidelines HD1080p60 is supported: •

With MPMx cards only.

•

In Continuous Presence (CP) mode:

•

— At bit rates of up to 4Mbps. — HD1080p60 is supported asymmetrically: The RMX receives HD720p60 and sends HD1080p60. — HD1080p60 is only selectable when Video Quality is set to Motion. System behavior when Video Quality is set to Sharpness is unchanged. In Video Switching (VSW) mode:

•

— At bit rates of up to 6Mbps. — HD1080p60 is supported symmetrically: The RMX receives and sends HD1080p60. In Telepresence environments the RMX sends HD1080p60 to all endpoints except for those with 1x1 Video Layouts, which receive the same resolution and frame rate from the RMX as they send. TIP endpoints are not supported

•

PAL endpoints are supported at a frame rate of 50 fps.

•

Each HD1080p60 participant consumes 9 system resources. (For comparison: Each HD720p60 participant consumes 6 system resources.)

HD1080p60 is not supported: •

For ISDN participants.

•

For Content sharing.

•

With RTV

CP Resolution Decision Matrix All the CP resolution options and settings are based on a decision matrix which matches video resolutions to connection line rates, with the aim of providing the best balance between resource usage and video quality at any given line rate. For more information see the RealPresence Collaboration Server (RMX) 1500/2000/4000 Administrator’s Guide "The CP Resolution Decision Matrix” on page 2-4.

86

Polycom, Inc.

Version 8.1.4.J Detailed Description - New Features

H.264 Base Profile and High Profile Comparison The following illustrations show a comparison between the resolutions used at various line rates for H.264 Baseline and the H.264 High Profile, for the Motion Video Quality setting according to the following Resolution Configuration Modes: •

Resource-Quality Balanced

•

Resource Optimized

•

Video Quality Optimized

Figure 2-1 Resolution usage for H.264 High Profile and H.264 Base Profile for Motion at various line rates when Resolution Configuration is set to Resource-Quality Balanced

Polycom, Inc.

87

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Figure 2-2 Resolution usage for H.264 High Profile and H.264 Base Profile for Motion at various line rates when Resolution Configuration is set to Resource Optimized

Figure 2-3 Resolution usage for H.264 High Profile and H.264 Base Profile for Motion at various line rates when Resolution Configuration is set to Video Quality Optimized

88

Polycom, Inc.

Version 8.1.4.J Detailed Description - New Features

Default Minimum Threshold Line Rates and Resource Usage Summary HD1080p60 Resolution is included in the following table summarizing the Default Minimum Threshold Line Rates and Video Resource usage for each of the pre-defined optimization settings for each Resolution, H.264 Profile, Video Quality setting (Sharpness and Motion) for MPMx Card Configuration Mode.

Enabling HD1080p60 HD1080p60 is enabled and configured using the New Profile - Video Quality dialog box and the Basic and Detailed Resolution Configuration dialog boxes: •

An additional option, HD1080, has been added to the Maximum Resolution drop-down menu of the New Profile - Video Quality dialog box.

•

An additional radio button HD1080p60 has been added to the Basic and Detailed Resolution Configuration dialog boxes.

To enable HD1080p60: 1 In the New Profile - Video Quality tab:

Polycom, Inc.

a

Select Motion in the Video Quality drop-down menu.

b

Select HD1080 in the Maximum Resolution drop-down menu.

89

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

HD1080 must be selected as the Maximum Resolution before HD1080p60 can be selected using the Resolution Configuration dialog boxes.

All other Conference Profile fields and their settings are described in detail in the RealPresence Collaboration Server (RMX) 1500/2000/4000 Administrator’s Guide "Defining New Profiles” on page 2-20. 2

When the Conference Profile is complete, click OK.

3

In the Resolution Configuration dialog box: a

90

Click the HD1080p60 radio button.

Polycom, Inc.

Version 8.1.4.J Detailed Description - New Features

b

Optional. If detailed configuration is required, click Detailed Configuration and complete the configuration using the sliders in the Motion tabs of the Detailed Resolution Configuration dialog boxes. Resource-Quality Balanced Resource Optimized Video Quality Optimized

Motion Tab

HD1080p60 Base Profile Slider

HD1080p60 High Profile Slider

For more information see the RealPresence Collaboration Server (RMX) 1500/2000/4000 Administrator’s Guide "This chapter describes Resolution Configuration in MPMx Card Configuration Mode as MPM and MPM+ cards are not supported in this version.” on page 1-138. 4

When the Resolution Configuration is complete, click OK.

Endpoint Connection Endpoints will connect at resolutions as set out in the following table, depending on whether they support H.264 High Profile or not: Video Quality Setting

Sharpness

Polycom, Inc.

Endpoint Connection Bit Rate (kbps) Resolution High Profile Supported

High Profile Not Supported

128Internet Options> Security Settings must be set to Medium or less.

V1.1.0

345

VNGR-25490

Interoperability

A Sony PCS-G50 endpoint stops sending video when the Sony PCS-XG80 sends content while both endpoints are connected via H.323 to the conference.

V7.7

346

VNGR-25499

SIP

When the "auto connection" check box is unchecked in the SIP factory's properties and endpoints dial into a SIP Factory, multiple conferences are started but the endpoints never connect.

V7.7

Polycom, Inc.

Workaround

249

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Table 2-1

Version 8.1.4.J - System Limitations (Continued) Detected in Version

NO

Key

Category

Description

347

VNGR-25556

Partners Microsoft

When a participant attempts to call a Meeting Room using the Lync client, the participant might receive a "Call was not completed or has ended" message. This can occur when the MCU is shut down and the Lync client displays the Meeting Room as Busy and not as Offline. A few minutes after the MCU shutdown, the Meeting Room status will change to Offline. A participant cannot connect to a meeting room when the status is Offline.

V7.7

348

VNGR-25559

Interoperability

When a number of Lync endpoints dial-in to a Meeting Room, when a Lync endpoint wants to share the desktop, error 488 appears.

V7.7

349

VNGR-25582

General

Cannot send Content from a RealPresence Mobile endpoint to a conference via a Session Border Controller (SBC).

V7.7

Manually add the flag NUM_OF_INITI ATE_H ELLO_MESSA GE_IN_ CALL_ESTABLI SHME NT to the System configuration and setits value to 3.

350

VNGR-26235

Partners Microsoft

Meeting Room Presence remains "busy" (instead of "available") after all participants disconnected from the meeting.

V7.7

The AVMCU meeting must be manually terminated either by the Lync user who initiated the call or by the RMX Manager.

351

VNGR-26290

Partners Microsoft

When a Lync participant connected to a Meeting Room running on the RMX tries to invite a third participant to the meeting, a message indicating that the participant has left the conference is played although all three participants are connected to the conference.

V7.7

352

VNGR-26336

Partners Microsoft

When a Lync endpoint using SIP is muted during a CP conference, there no indication in RMX Client that the endpoint is muted.

V7.7

250

Workaround

Polycom, Inc.

Corrections and Known Limitations

Table 2-1

Version 8.1.4.J - System Limitations (Continued) Detected in Version

NO

Key

Category

Description

353

VNGR-26413

Interoperability

M100 endpoint that connected via dial out over SIP to RMX 1500 cannot send or receive content.

V7.7

An endpoint issue (CMAD-8799)

354

VNGR-26441

Interoperability

When RMX4000 dials out to Avaya SIP endpoints (HDX or AV10xx) registered to ASM via the DMA, endpoints did not connect.

V7.7

DMA issue (DMA-9163)

355

VNGR-26460

Content

Rarely, content sharing session dropped unexpectedly during the conference and a SIP participant was disconnected from the conference followed by the error message "MCU internal problem".

V7.7

356

VNGR-26687

Partners Microsoft

When a Lync endpoint that is connected to a Meeting Room running on the RMX escalates the call from audio to video and back to audio many times within a short period, all the Lync participants disconnect from the conference.

V7.7

To suspend and resume the video display during the conference, use the Pause/ Resume video button.

357

VNGR-3089

HD

In HD Video Switching conferences, Tandberg endpoints may connect as Secondary when HD frame rate capabilities are less than 7.5 frames per second.

V1.1.0

Create a CP conference

358

VNGR-3276

SIP

SIP participants cannot connect to a conference when the conference name contains blank spaces.

V1.1.0

359

VNGR-3824

General

The Click & View menu doesn't appear in 64 Kbps calls.

V1.1.0

Use the RMX Web Client.

360

VNGR-3977

Interoperability

Faulty connection status is indicated when the RSS 2000 recording link is the only participant in a conference and its video stream is not synchronized.

V1.1.0

The video stream is synchronized when the first participant connects to the conference.

361

VNGR-4405

ISDN

When a busy signal is returned by a PSTN dial-out participant, the RMX does not redial but disconnects the participant with “party hung-up-0” status.

V2.0.0

Polycom, Inc.

Workaround

251

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Table 2-1

Version 8.1.4.J - System Limitations (Continued) Detected in Version

NO

Key

Category

Description

362

VNGR-4652

Interoperability

HDX/VSX endpoints cannot connect directly to conferences while registered with Cisco Gatekeeper using the IP##NID string.

V1.1.0

363

VNGR-5151

Multilingual

The Display Name of undefined dial-in participant using HDX and VSX 7000 endpoints is displayed in English in the RMX Web Client.

V2.0.0

364

VNGR-5310

Multilingual

Multilingual Settings are not reflected on the Shelf Management login page and the multilingual flags appear in the Shelf Manager window even when they have not been selected in the Multilingual Settings pane.

V2.0.0

365

VNGR-6809

Interoperability

iPower endpoints are transmitting H.263 video instead of H.264 video in 384Kbps conferences while other endpoints transmit H.264 video.

V7.1

366

VNGR-6902

Interoperability

Sony PCS G70 (v2.61) and Sony PCS-1(v3.41) endpoints cannot connect to conferences using SIP connections.

V5.1

Force the endpoints to connect using H.323 connection.

367

VNGR-7557

RMX Web Client

When connecting directly to the Shelf Manager and selecting Diagnostic Mode the CNTL module does not enter the diagnostic mode and stays “Normal”.

V3.0.0

Reset the MCU and then switch to Diagnostic Mode.

368

VNGR-7597

Interoperability

H.323 link is connected as secondary when cascading with Tandberg MPS at 768Kbps, in both Video Switching and CP conferences.

V3.0.0

369

VNGR-7598

Interoperability

H.323 link is connected as secondary when cascading with Tandberg MPS at 768Kbps, in both Video Switching and CP conferences.

V3.0.0

370

VNGR-7734

IP

Static Routes table in IP Network Service does not function.

V3.0.0

371

VNGR-8259

Software Version

If an RMX operating in Secure Communication Mode, is downgraded to a version that does not support Secure Communication Mode (V2.0, V1.1), all connectivity to the RMX is lost.

V3.0.0

252

Workaround Connect directly using the MCU IP Address via the Transit Entry Queue.

Cancel the Secure Mode before downgrading

Polycom, Inc.

Corrections and Known Limitations

Table 2-1

Version 8.1.4.J - System Limitations (Continued) Detected in Version

NO

Key

Category

Description

372

VNGR-8605

Interoperability

The video of Sony G70 endpoint that is connected to a conference over ISDN at line rate of 128Kbps freezes when receiving Content from an HDX endpoint.

V3.0.0

373

VNGR-9015

Interoperability

Radvision ECS Gatekeeper set to Routed Mode is not forwarding the LPR parameters as required, causing HDX calls with LPR enabled to connect with no video.

V3.0.0

374

VNGR-9228

Software Version

When trying to restore last version, after upgrading from version 3 to version 4, the RMX prompts for an activation key.

V4.0.0

375

VNGR-9340

CDR

When a conference was terminated by an MCU reset, an incorrect status “Ongoing Conference” will be displayed in the CDR List pane.

V4.0.0

376

VNGR-9565

Upgrade Process

When downgrading from version 4.0 to version 3.0, the MPM card does revert to normal.

V4.0.0

377

VNGR-9677

Interoperability

When switching Content sending from an HDX9004 to Aethra X7 and back, Content is not received by Aethra X7.

V4.0.0

378

VNGR-9729

General

When moving from MPM+ to MPM mode (with only MPM cards installed in the MCU), the Card Configuration Mode, indicated in the System Information dialog box, remains in MPM+ Mode.

V4.0.0

Logout and then login to the RMX Web Client.

379

VNGR-9740

Upgrade Process

When upgrading from version 2.0.2 to version 4.1, and then Restoring the Factory Defaults, during system restart sometimes MPL failure is encountered.

V4.0.0

Turn the MCU off and then turn it on (“hardware” reset).

380

VNGR-9803

General

When using the restore to factory defaults, after inserting the Activation key, the system requires a reset when the reset is not required.

V4.0.0

381

VNGR-9829

RMX Web Client

Occasionally, during an ongoing conference, when selecting the Hardware Monitor menu the message “No connection with Switch” appears.

V4.0.0

Polycom, Inc.

Workaround

253

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Table 2-1

Version 8.1.4.J - System Limitations (Continued) Detected in Version

NO

Key

Category

Description

382

VNGR-9830

Interoperability

HDX endpoints may experience packet loss when the HDX endpoint's LAN Speed is configured to 100MB.

V4.0.0

383

VNGR-9834

IVR

When DTMF codes have been entered by the participants, the volume of the IVR Message may be suppressed or the message may be cut.

V4.0.0

384

VNGR-9843

Interoperability

During an H.323 call, Tandberg 6000 B10 endpoint receives corrupted H239 content from an HDX.

V7.1

385

VNGR-9844

Interoperability

During an H.320 call, Tandberg 6000 B10 endpoint does not receive content from an HDX9004.

V7.1

386

VNGR-9909

Interoperability

When dialing out to a Tandberg MXP ISDN endpoint, the IVR slide is not displayed, although the IVR message is played.

V4.0.0

254

Workaround Set the endpoint LAN Speed and Duplex Mode to Auto.

Polycom, Inc.

Troubleshooting Instructions

Troubleshooting Instructions RMX Web Client Installation - Troubleshooting Instructions If a Browser Environment Error occurs, close all the Internet Explorer sessions and reconnect to the MCU. If the problem persists, you can run the Automatic Troubleshooting Utility or perform the Troubleshooting Procedures manually.

The Manual Troubleshooting Procedures include several procedures that can be performed in order to solve the connection error. At the end of each procedure, check if you can connect to the MCU and if the problem persists, perform the next procedure. In Secured Mode (https//:), the DNS name specified in the RMX’s Certificate must correspond with that of the DNS Server used by the Client that is connecting to the RMX.

The following troubleshooting procedures can be performed manually:

Polycom, Inc.

•

Procedure 1: Ending all Internet Explorer Sessions

•

Procedure 2: Deleting the Temporary Internet Files, Collaboration Server Cookie and Collaboration Server Object

•

Procedure 3: Managing Add-ons Collisions

•

Procedure 4: Add the Collaboration Server to the Internet Explorer Trusted Sites List

•

Procedure 5: Browser Hosting Controls (Optional)

255

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Procedure 1: Ending all Internet Explorer Sessions In some cases, although all the Internet Explorer sessions were closed, the system did not end one or several IE processes. These processes must be ended manually. To end all Internet Explorer sessions: 1 Start the Task Manager and click the Processes tab. 2

Select an iexplore process and click the End Process button.

3

Repeat this process for all iexplore processes that are currently active.

4

Close the Windows Task Manager dialog box.

5

Open the Internet Explorer and connect to the MCU.

If the problem persists, continue with Procedure 2.

Procedure 2: Deleting the Temporary Internet Files, RMX Cookie and RMX Object If at the end of Procedure 1 the error message is still displayed, and you cannot connect to the MCU, perform the following operations:

256

•

Delete the Temporary Internet files

•

Delete the RMX/Collaboration Server Cookie

•

Delete the RMX/RMX ActiveX Object

Polycom, Inc.

Troubleshooting Instructions

Deleting the Temporary Internet Files To delete the Temporary files: 1 In the Internet Explorer, click Tools > Internet Options. The Internet Options dialog box opens. 2

In the Browsing history pane, click the Delete button.

The Delete Browsing History dialog box opens.

Polycom, Inc.

257

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

258

3

It is recommended to delete only the Temporary Internet files. By default, the Cookies option is also selected. Clear it if you do not want to clear the cookies from your computer.

4

Click the Delete button.

5

When the process is complete, the system return to the Internet Options dialog box.

Polycom, Inc.

Troubleshooting Instructions

Deleting the RMX/Collaboration Server Cookie To delete the RMX Cookie: 6 In the Internet Options dialog box - Browsing History pane, click the Settings button.

The Temporary Internet Files and History Settings dialog box opens. 7

Click the View files button.

The Windows Explorer screen opens, listing Windows Temporary Internet Files.

Polycom, Inc.

259

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

8

Browse to the RMX/ RMX cookie. The cookie is listed in the format: cookie:user name@RMX/RMX IP address. For example: cookie:[email protected].

9

Right-click the RMX cookie and click Delete.

The system prompts for confirmation. 10 Click Yes. The cookie is deleted. 11 Close the Windows Explorer screen.

Deleting the RMX/Collaboration Server ActiveX Object To delete the RMX/RMX ActiveX Object: 12 In the Temporary Internet Files and History Settings dialog box, click the View objects button.

The Windows Explorer screen opens, listing the Windows Downloaded Program Files.

260

Polycom, Inc.

Troubleshooting Instructions

13 Right-click the EMA.ClassLoader.dll and then click Delete.

The system prompts for confirmation. 14 Click Yes. The RMX object is deleted. 15 Close the Windows Explorer screen. 16 In the Temporary Internet Files and History Settings dialog box, click OK. 17 In the Internet Options dialog box, click OK to close it. 18 Close the Internet Explorer session and reopen it. 19 Connect to the RMX. If the problem persists, continue with Procedure 3.

Procedure 3: Managing Add-ons Collisions In some cases, previously installed add-ons, such as anti virus programs can create collisions between applications and prevent the installation of a new add on. Disabling these add-ons may be required in order to install the RMX Web Client.

Polycom, Inc.

261

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

To disable an add-on: 1 In the Internet Explorer, click Tools > Manage Add-ons. The Manage Add-ons - Toolbars and Extensions dialog box opens. 2

Scroll to the add-on to disable (for example, the anti virus add-on), right-click it and then click Disable. Alternatively, select the add-on and click the Disable button.

3

Click the Close button to close this dialog box.

4

Connect to the RMX.

If the problem persists, continue with the Procedure 4.

Procedure 4: Add the Collaboration Server to the Internet Explorer Trusted Sites List In some cases, local security settings may prevent Internet Explorer from accessing the RMX. To add the RMX to the Internet Explorer Trusted Sites list: 1 In the Internet Options dialog box, click the Security tab.

262

Polycom, Inc.

Troubleshooting Instructions

The Security tab is displayed.

2

Click the Trusted Sites tab.

3

Click the Sites button. The Trusted sites dialog is displayed.

4

5

Polycom, Inc.

If the RMX is using Secure Mode: a

In the Add this website to the zone: field, enter, “https://” followed by the IP address or the DNS name of the RMX.

b

Click the Add button.

c

Click the Close button.

If the RMX is using Standard Security Mode: a

In the Add this website to the zone: field, enter, “https://” followed by the IP address or the DNS name of the RMX.

b

Click the Add button.

c

Clear the Require server verification (https:) for all sites in this zone checkbox.

d

Click the Close button.

263

RealPresence Collaboration Server (RMX) 1500/2000/4000 Release Notes for Maximum Security Environments Version 8.1.4.J

Procedure 5: Browser Hosting Controls (Optional) If the RMX Web Client does not load and run after Procedures 1-4 have been performed, the reason may be that .NET Framework 4 or higher is running on the workstation with Managed Browser Hosting Controls disabled. Managed Browser Hosting Controls is an Internet Explorer operating mode required by the RMX Web Client. By default, .NET Framework 4 and higher are not enabled to support Managed Browser Hosting Controls. Perform Procedure 5 to: •

Determine whether .NET Framework 4 or higher is running on the workstation.

•

Determine whether a 32-bit or 64-bit version of Windows is running on the workstation.

•

Enable Managed Browser Hosting Controls if .NET Framework 4 or higher is running on the workstation.

To enable Managed Browser Hosting Controls: 1 Determine whether .NET Framework 4 or higher is running on the workstation.

2

3

a

On the Windows Desktop, click Start.

b

In the Start Menu, click Control Panel.

c

In the Control Panel, click Programs and Features.

d

Inspect the Programs and Features list for the version of Microsoft .NET Framework Client Profile that is installed.

Determine whether a 32-bit or 64-bit version of Windows is running on the workstation: a

On the Windows Desktop, click Start.

b

In the Start Menu, click Computer.

c

In the Computer Menu, System properties and inspect the value of the System type field in the System section

Enable Managed Browser Hosting Controls if .NET Framework 4 or higher is running on the workstation. a

Open the Registry.

b

Navigate to the Subkey: •

264

c

32-bit System: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\.NETFramework • 64-bit System: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETF ramework Add the Dword Value: EnableIEHosting

d

Set value of EnableIEHosting to 1.

e

Close the Registry.

f

Close and re-open Internet Explorer.

Polycom, Inc.